using pf to emulate different source ip's
Vadim Goncharov
vadim_nuclight at mail.ru
Wed Mar 19 11:38:29 UTC 2008
Hi Kuat Eshengazin!
On Thu, 6 Mar 2008 00:39:01 +0600; Kuat Eshengazin <eskuat at gmail.com> wrote:
> I'm testing a device with application layer firewall and one of the features
> requires HTTP connection from multiple IP-addresses.
> Device logs clients' IP addresses and then depending on statistic calculation
> tries to do smth with such kind of requests in future (block or pass for
> example)
> Device directly connected to machine with FreeBSD 7.0 + pf
> Is it possible to rewrite source IP addresses with pf?
> Is it possible to pick up source IP addresses from table or list
> randomly/round robin?
> I've tried to play with nat rules like
> nat on $ext_if inet from $ext_if to any -> 192.168.2.0/24 source-hash
> but there was not much success.
This is possible with ipfw + natd + some scripting/option playing. And you can
use both pf and ipfw at the same time.
--
WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight at mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]