peer address over pf rdr
Ermal Luçi
eri at freebsd.org
Thu Apr 18 07:29:00 UTC 2013
On Thu, Apr 18, 2013 at 9:11 AM, Radek Krejča <radek.krejca at starnet.cz> wrote:
> Hello,
>
> In some cases I need to get the IP address of our customer over NAT to my www
> page (e.g. for stopping spam and giving our customer info). I wrote a daemon
> which listens on the port where the traffic of our customers is redirected (this is
> my testing rule):
>
>
> rdr proto tcp from 192.168.255.2 to any port 8009 -> 127.0.0.1 port 9000
>
> On port 9000 listens my daemon, which gets the IP address with this function:
>
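> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <stdlib.h>
> #include <string.h>
>
> /* error() is the daemon's own logging helper, defined elsewhere. */
> int Getpeerinfo (int sock, char **IP)
> {
>     struct sockaddr_in peer;
>     int porto;
>     socklen_t peer_len;
>
>     peer_len = sizeof(peer);
>     if (getpeername(sock, (struct sockaddr *)&peer, &peer_len) == -1) {
>         error("getpeername() failed");
>         return -1;
>     }
>
>     /* inet_ntoa() returns a static buffer, so copy it for the caller. */
>     *IP = malloc(strlen(inet_ntoa(peer.sin_addr)) + 1);
>     if (*IP == NULL) {
>         error("malloc() failed");
>         return -1;
>     }
>     strcpy(*IP, inet_ntoa(peer.sin_addr));
>     porto = ntohs(peer.sin_port);   /* sin_port is in network byte order */
>     (void)porto;                    /* port is read but not returned */
>     return 0;
> }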
>
> If I connect to port 9000 directly, I get the right IP address, but over the
> redirect in pf the result is empty. It looks like pf destroys this information,
> or is my idea wrong?
>
>
Take a look at the squid daemon source code to see how it does a lookup on the NAT
translation table to extract the real customer IP.
> Thank you
>
> Radek
--
Ermal
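
The NAT table lookup the reply points to, as an added example (not code from this thread or from squid): on FreeBSD, pf answers it through the DIOCNATLOOK ioctl on /dev/pf, keyed by the accepted socket's peer and local endpoints. The names `pf_natlook_socket` and `struct pf_orig` are hypothetical, the code handles IPv4/TCP only, and on a system without pf it compiles to a stub that fails with ENOTSUP.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <net/if.h>
#include <net/pfvar.h>
#endif

/* Endpoints pf recorded on the other side of the translation (network byte order). */
struct pf_orig { struct in_addr saddr, daddr; in_port_t sport, dport; };

/*
 * Hypothetical helper: look up the pf state of an accepted IPv4 TCP socket.
 * Returns 0 and fills *o on success, -1 with errno set on failure.
 */
int pf_natlook_socket(int fd, struct pf_orig *o)
{
    struct sockaddr_in peer = {0}, local = {0};
    socklen_t len = sizeof(peer);

    if (getpeername(fd, (struct sockaddr *)&peer, &len) == -1) return -1;
    if (peer.sin_family != AF_INET) { errno = EAFNOSUPPORT; return -1; }
    len = sizeof(local);
    if (getsockname(fd, (struct sockaddr *)&local, &len) == -1) return -1;
#ifdef __FreeBSD__
    struct pfioc_natlook nl;
    int rc, pf = open("/dev/pf", O_RDONLY);      /* needs read access to /dev/pf */
    if (pf == -1) return -1;
    memset(&nl, 0, sizeof(nl));
    nl.af = AF_INET;
    nl.proto = IPPROTO_TCP;
    nl.direction = PF_OUT;
    nl.saddr.v4 = peer.sin_addr;   nl.sport = peer.sin_port;   /* what getpeername() saw */
    nl.daddr.v4 = local.sin_addr;  nl.dport = local.sin_port;  /* rdr target, e.g. 127.0.0.1:9000 */
    rc = ioctl(pf, DIOCNATLOOK, &nl);
    close(pf);
    if (rc == -1) return -1;                     /* no matching state, or lookup refused */
    o->saddr = nl.rsaddr.v4;  o->sport = nl.rsport;
    o->daddr = nl.rdaddr.v4;  o->dport = nl.rdport;
    return 0;
#else
    (void)o;
    errno = ENOTSUP;                             /* built without pf: nothing to query */
    return -1;
#endif
}
```

The caller passes the descriptor returned by accept() and converts the result with inet_ntop() and ntohs() before logging it.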