PFsync & RDR/NAT
Melissa Jenkins
melissa-freebsdstable at littlebluecar.co.uk
Sat Mar 19 08:46:44 UTC 2011
Hi Thomas,
I wish it was that simple :(
If I add it to the rdr I get an error loading the file:
rdr pass on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)
pf.conf:124: syntax error
If I put it on the pass rule it doesn't stop the state from being synchronised... I'm guessing because the state was created by the RDR rule. I've tried in FreeBSD 8.0 & 8.1.
Mel
On 18 Mar 2011, at 16:08, Thomas Steen Rasmussen wrote:
> On 18.03.2011 12:31, Melissa Jenkins wrote:
>> Hiya,
>>
>> I was wondering if anybody knew how to stop the states generated by RDR and NAT rules from synchronising over PFSYNC?
>>
>> In particular I have an RDR for DNS traffic. The states this produces don't need to be synchronised between the two machines, but I can't figure out how to stop this. Adding the (no state) flags to the pass rule doesn't stop the states from being synchronised.
> Hello,
>
> You need the no-sync keyword on the state options,
> check man pf.conf(5).
>
> Best regards
>
> Thomas Steen Rasmussen