peer address over pf rdr
Radek Krejča
radek.krejca at starnet.cz
Thu Apr 18 07:11:35 UTC 2013
Hello,
In some cases I need to get the IP address of our customer over NAT on my www page (e.g. for stopping spam and giving our customer info). I wrote a daemon which listens on the port to which our customers' traffic is redirected (this is my testing rule):
rdr proto tcp from 192.168.255.2 to any port 8009 -> 127.0.0.1 port 9000
My daemon listens on port 9000 and gets the IP address with this function:
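#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Store the peer's IPv4 address as a malloc()ed string in *IP (caller frees). */
int Getpeerinfo(int sock, char **IP)
{
    struct sockaddr_in peer;
    int porto;
    socklen_t peer_len;
    const char *addr;

    peer_len = sizeof(peer);
    if (getpeername(sock, (struct sockaddr *)&peer, &peer_len) == -1) {
        perror("getpeername() failed");
        return -1;
    }
    addr = inet_ntoa(peer.sin_addr);    /* points to a static buffer, so copy it */
    *IP = malloc(strlen(addr) + 1);
    if (*IP == NULL)
        return -1;
    strcpy(*IP, addr);
    porto = ntohs(peer.sin_port);       /* sin_port is in network byte order */
    (void)porto;                        /* the port is read but not returned */
    return 0;
}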
If I connect to port 9000 directly, I get the right IP address, but over the redirect in pf the result is empty. It looks like pf destroys this information, or is my idea wrong?
Thank you
Radek