pf version 3.7 on freebsd
David DeSimone
fox at verio.net
Fri Jun 15 19:30:48 UTC 2007
Leandro Malaquias <lm.net.security at gmail.com> wrote:
>
> I've heard that the pf version being used on freebsd 6-stable is 3.7 so the
> features "pass" and "log" when using "rdr" won't work.

"pass" works, but "log" does not.

You can work around this by forgoing "pass" and instead use "tag" to add
a NAT tag to your redirected packets, then create a "pass" rule which
passes and logs the resultant traffic.

    rdr on $EXT_IF proto tcp from x.x.x.x to y.y.y.y port zz \
        tag REDIRECT -> w.w.w.w

    pass in log quick on $EXT_IF all tagged REDIRECT

--
David DeSimone == Network Admin == fox at verio.net
"It took me fifteen years to discover that I had no
talent for writing, but I couldn't give it up because
by that time I was too famous." -- Robert Benchley
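
An added example, not part of the original post: a small Python check that audits a pf.conf for the tag-and-log pattern described above, flagging "rdr pass" rules and tagged rdr rules that have no logged "pass ... tagged" rule. The function names, the sample ruleset and its addresses are constructed for illustration, and the check assumes "log" and "log-all" are the only logging keywords in use.

```python
import re

# Constructed sample ruleset (not from the post); addresses and tags are made up.
SAMPLE = r"""
ext_if = "em0"
rdr on $ext_if proto tcp from any to 192.0.2.10 port 80 \
    tag WEB -> 10.0.0.10
rdr on $ext_if proto tcp from any to 192.0.2.10 port 25 tag MAIL -> 10.0.0.25
rdr pass on $ext_if proto tcp from any to 192.0.2.10 port 22 -> 10.0.0.22
pass in log quick on $ext_if all tagged WEB
pass in quick on $ext_if all tagged MAIL
"""

LOG_WORDS = {"log", "log-all"}  # assumption: logging keywords this check recognises

def logical_rules(text):
    """Strip comments, join backslash continuations, return token lists."""
    text = re.sub(r"#.*", "", text)
    text = re.sub(r"\\[ \t]*\n", " ", text)
    return [line.split() for line in text.splitlines() if line.strip()]

def word_after(tokens, key):
    """Return the token following `key`, or None if absent."""
    if key in tokens[:-1]:
        return tokens[tokens.index(key) + 1]
    return None

def audit_rdr_logging(text):
    """Return (finding, rule) pairs for rdr rules whose traffic is not logged."""
    rules = logical_rules(text)
    logged_tags = {word_after(t, "tagged") for t in rules
                   if t[0] == "pass" and LOG_WORDS & set(t)}
    findings = []
    for t in rules:
        if t[0] != "rdr":
            continue
        tag = word_after(t, "tag")
        if "pass" in t:
            # "rdr pass" skips the filter rules, so no logged pass rule sees it
            findings.append(("rdr-pass-unlogged", " ".join(t)))
        elif tag is not None and tag not in logged_tags:
            findings.append(("tag-not-logged", " ".join(t)))
    return findings

if __name__ == "__main__":
    for finding, rule in audit_rdr_logging(SAMPLE):
        print(f"{finding}: {rule}")
```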