Re: Using pf to force different outgoing IP address depending on UNIX user/group for locally originating connection?

2006-02-01 Thread Max Laier
On Tuesday 31 January 2006 20:54, Eduard Vopicka wrote: > My goal is to use pf to force (via NAT) different IP outgoing addresses > depending on UID and/or GID of the program establishing the connection, for > connections originating locally on machine with FreeBSD 5.4. (I do not > expect this to w

Re: Using pf to force different outgoing IP address depending on UNIX user/group for locally originating connection?

2006-02-01 Thread Daniel Hartmeier
On Wed, Feb 01, 2006 at 08:01:36AM -0600, Bill Marquette wrote: > I haven't looked at the code, but I wouldn't be terribly surprised if > you couldn't just copy/paste the user match code in the lexer for > filter rules into the nat part of the lexer. No, the user/group options are not valid in tr

Re: Port redirection just not working!

2006-02-01 Thread Daniel Hartmeier
On Wed, Feb 01, 2006 at 09:58:45AM -0600, Keith Bottner wrote: > I am having a problem getting packet filter to redirect incoming traffic > destined for a specific IP and port to an internal DMZ host. Interestingly > enough I am not having a problem doing the same with SSH just with these > nonsta

Re: netflow v5 - src AS/dst AS

2006-02-01 Thread Nickola Kolev
On Wed, 1 Feb 2006 19:54:05 +0200 Nickola Kolev <[EMAIL PROTECTED]> wrote: : Hello, fellow posters [ cut ] Sorry, this is more appropriate for [EMAIL PROTECTED] My apologies. Cheers, Nickola

netflow v5 - src AS/dst AS

2006-02-01 Thread Nickola Kolev
Hello, fellow posters, As you can see from the subject, I'd like to set up a PC-based netflow v5 probe, capable of exporting information about specific source and destination ASes for the purpose of accounting. Regretfully, I didn't come to any solution, mostly because the kernel FIB, even though in

Re: Port redirection just not working!

2006-02-01 Thread Jon Simola
On 2/1/06, Keith Bottner <[EMAIL PROTECTED]> wrote: > I am having a problem getting packet filter to redirect incoming traffic > destined for a specific IP and port to an internal DMZ host. > rdr pass on $ext_if proto tcp from any to $ext_http_addr port 9874 -> > $dmz_clip_addr If you use an RDR

Port redirection just not working!

2006-02-01 Thread Keith Bottner
I am having a problem getting packet filter to redirect incoming traffic destined for a specific IP and port to an internal DMZ host. Interestingly enough I am not having a problem doing the same with SSH just with these nonstandard ports. I was originally redirecting the traffic and then placing f

Re: Using pf to force different outgoing IP address depending on UNIX user/group for locally originating connection?

2006-02-01 Thread Bill Marquette
On 1/31/06, Dmitry Andrianov <[EMAIL PROTECTED]> wrote: > Hello. > > To my understanding, you can apply nat rule to tagged packets only. This > should do the trick. > > nat on $ext_if tagged TAG1 -> 192.168.33.14 > nat on $ext_if tagged TAG2 -> 192.168.33.15 You can apply tags to NATs, however the