PFsync & RDR/NAT
Thomas Steen Rasmussen
thomas at gibfest.dk
Sat Mar 19 14:20:19 UTC 2011
On 19.03.2011 09:46, Melissa Jenkins wrote:
> Hi Thomas,
>
> I wish it was that simple :(
>
> If I add it to the rdr I get an error loading the file:
> rdr pass on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)
>
> pf.conf:124: syntax error
>
> If I put it on the pass rule it doesn't stop the state from being synchronised... I'm guessing because the state was created by the RDR rule. I've tried in Freebsd 8.0 & 8.1
>
Hello,
You need to remove the "pass" keyword from the RDR rule and make
an explicit "pass" rule with the no-state keyword.
So instead of:
rdr pass on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)
You do:
rdr on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53
pass in on $if inet proto udp from <napts> to 127.0.0.1 port 53 keep state (no-sync)

Let me know how it works out.

Best regards
Thomas Steen Rasmussen
ps. Please don't top-post :)
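The rdr/pass split described in the reply, as a fuller pf.conf fragment added here for context (not from the original thread): the interface names, the table contents and the second pass rule are assumed for illustration.

```conf
# Added example, not part of the original post. FreeBSD 8.x pf syntax.
# Interface name, table contents and the second pass rule are assumptions.
ext_if = "em0"
table <napts> { 192.0.2.0/24 }   # constructed sample network

# Translation only: no "pass" keyword here, so the state for the
# redirected DNS query is created by the explicit pass rule below,
# which is where the no-sync option can be attached.
rdr on $ext_if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53

# Explicit pass rule for the translated traffic. Its state is kept on
# this node only and is not announced to the pfsync peer, which is
# appropriate for a redirect to a resolver bound to 127.0.0.1.
pass in on $ext_if inet proto udp from <napts> to 127.0.0.1 port 53 keep state (no-sync)

# Other traffic from the same table keeps the default behaviour:
# its states are synchronised to the pfsync peer.
pass in on $ext_if inet proto tcp from <napts> to any port 80 keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches the syntax error from the combined `rdr pass ... (no-sync)` form before the ruleset is activated.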