From nobody Sun Nov 28 19:06:21 2021
X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 32ACF18B950F
	for <freebsd-pf@mlmmj.nyi.freebsd.org>; Sun, 28 Nov 2021 19:06:39 +0000 (UTC)
	(envelope-from ozkan.kirik@gmail.com)
Received: from mail-ua1-x92e.google.com (mail-ua1-x92e.google.com [IPv6:2607:f8b0:4864:20::92e])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4J2Hyk2VJBz3NmK
	for <freebsd-pf@freebsd.org>; Sun, 28 Nov 2021 19:06:38 +0000 (UTC)
	(envelope-from ozkan.kirik@gmail.com)
Received: by mail-ua1-x92e.google.com with SMTP id p37so29432546uae.8
        for <freebsd-pf@freebsd.org>; Sun, 28 Nov 2021 11:06:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:from:date:message-id:subject:to;
        bh=pDDTt1E0ROK2hkiegQJet4i76/WGc0VwU9qiJCdW2qE=;
        b=c3ZU0eZk8xZam/Jo/B9kMX9hUlNRsQ1r38Yw88nXOA9RElHMcgPaE+sqixzxvJmoky
         IAcHRRDt/Ubx/ThrMEbKBEWi0hKntoYZ8g/lXBOkcTPV0pouP2OtAw+CtUq3cQMkMPu9
         Dpenbu6HyN2cCSrSYNoWbT/8jnLCEN43dUGFxzhh7TuuIUzkgEu5gTVVzz/Vs8TOqAAl
         XXV7G7pIpMR/NjyW41Cc0UnkOuUIm8anEEwMQA8oNixHYCNEdCdT1FPRZgr5QDv6xeyP
         5YI0yUN1YLCIKK2vyQDJznlOWnw6s+rpODkpXimiTkxsdeom+g4z6cyG7qlQQPukzDuY
         bPuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=pDDTt1E0ROK2hkiegQJet4i76/WGc0VwU9qiJCdW2qE=;
        b=MtNtg+MY8Ix3eC9pwh95gnssTImARTRelAIIKQ9nTBTxoVJBFTT+b0FcReEZAmt+Xn
         f316XJ4c1NTGUDT7+jb3rQB296bKmAyCR6OQ7WuddmRJ7vmPhJeCid7S9z4rle3GORq5
         2PijRtpy9MgkD+x4lpio/scSe714JVSluQjuT3KLky9uRAvBlNqs85nlX6GPQMHDJkyX
         Dc34Z1xNiomZ3ANZYrqhCYeQmAfwZeMrNd8DqFqY/7bytO8KxUThUR+OoOVWBHlgQPyY
         8HuazH2yFt6AhGTzT6cYzyzDd9/oiDJBMW9S3gA1EYfWrQqHFrC6Fz3X80GGsk+/sCZM
         822g==
X-Gm-Message-State: AOAM532+fPiR/2beffYkQ5de2CU6PFgfJTlY1FDgfiqZ/nGAFHal+0T0
	LIDRjugQvRxQFXs3IfNvr9h93ABQnVz+o4jYxUaL4KqK
X-Google-Smtp-Source: ABdhPJyorrdxLg3UqdImA/DAKn4V8ybUnK7jkiVjhzDC1aPGKjNGcdkqalJdv1LrCmL3qAH21WGxZzY6swdAwZpgc0E=
X-Received: by 2002:a05:6102:548f:: with SMTP id bk15mr28606430vsb.31.1638126391774;
 Sun, 28 Nov 2021 11:06:31 -0800 (PST)
List-Id: Technical discussion and general questions about packet filter (pf) <freebsd-pf.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
List-Help: <mailto:pf+help@freebsd.org>
List-Post: <mailto:pf@freebsd.org>
List-Subscribe: <mailto:pf+subscribe@freebsd.org>
List-Unsubscribe: <mailto:pf+unsubscribe@freebsd.org>
Sender: owner-freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
MIME-Version: 1.0
From: =?UTF-8?B?w5Z6a2FuIEtJUklL?= <ozkan.kirik@gmail.com>
Date: Sun, 28 Nov 2021 22:06:21 +0300
Message-ID: <CAAcX-AEJ-gc-FWdx_zKS7n8_=n7V98w2Sahvsvu9XLozZP949g@mail.gmail.com>
Subject: Logging NAT translations and correlating nat & rule logs
To: freebsd-pf@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 4J2Hyk2VJBz3NmK
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=c3ZU0eZk;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (mx1.freebsd.org: domain of ozkankirik@gmail.com designates 2607:f8b0:4864:20::92e as permitted sender) smtp.mailfrom=ozkankirik@gmail.com
X-Spamd-Result: default: False [-4.00 / 15.00];
	 ARC_NA(0.00)[];
	 NEURAL_HAM_MEDIUM(-1.00)[-0.998];
	 R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112];
	 FROM_HAS_DN(0.00)[];
	 DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
	 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
	 FREEMAIL_FROM(0.00)[gmail.com];
	 MIME_GOOD(-0.10)[text/plain];
	 PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org];
	 TO_DN_NONE(0.00)[];
	 RCPT_COUNT_ONE(0.00)[1];
	 NEURAL_HAM_LONG(-1.00)[-0.999];
	 MID_RHS_MATCH_FROMTLD(0.00)[];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 DKIM_TRACE(0.00)[gmail.com:+];
	 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::92e:from];
	 NEURAL_HAM_SHORT(-1.00)[-1.000];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+];
	 FREEMAIL_ENVFROM(0.00)[gmail.com];
	 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	 TAGGED_FROM(0.00)[];
	 RCVD_TLS_ALL(0.00)[];
	 RCVD_COUNT_TWO(0.00)[2]
X-ThisMailContainsUnwantedMimeParts: N

Hi,

I'm trying to log NAT, BINAT, RDR translations. But the "nat log on
...." statement only logs the packets after translation is done. So
the information before translation is lost.
Is there a way to log the translation details ?

The other question: how can I correlate nat logs and rule logs for the
same packet?
Especially, when the pf configured as if-bound, 4 different log could
be generated for the same packet:
1st - Nat log on receive interface (in)
2nd - Rule log on receive interface (in)
3rd - Nat log on transmit interface (out)
4th - Rule log on transmit interface (out)

I'm looking for a common key for joining these 4 logs.

Thank you,
Have a nice day