From: "Kuat Eshengazin"
To: freebsd-pf@freebsd.org
Date: Thu, 6 Mar 2008 00:39:01 +0600
Subject: using pf to emulate different source ip's

Hi,

I'm testing a device with an application layer firewall, and one of the features requires HTTP connections from multiple IP addresses. The device logs clients' IP addresses and then, depending on a statistical calculation, tries to do something with such requests in the future (block or pass, for example).

The device is directly connected to a machine with FreeBSD 7.0 + pf.

Is it possible to rewrite source IP addresses with pf? Is it possible to pick source IP addresses from a table or list randomly/round robin?

I've tried to play with nat rules like

    nat on $ext_if inet from $ext_if to any -> 192.168.2.0/24 source-hash

but there was not much success.

Please CC me when answering.

P.S. Currently what I'm doing is simply changing the interface IP address with the ifconfig command before each HTTP request.

Thanks in advance
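
An added example, not part of the original message: pf.conf(5) describes source-hash as choosing the translation address from a hash of the source address, so a single client address always maps to the same pool address. The fragment below sets the message's rule beside the round-robin and random pool types. The interface name em0 is an assumption, and the device under test is assumed to have a return path to 192.168.2.0/24 through this host.

```pf
# /etc/pf.conf fragment (added example; em0 is an assumed interface name)
ext_if = "em0"

# Rule from the message. source-hash derives the translation address from a
# hash of the packet's source address, so traffic from the single address on
# $ext_if always leaves with the same 192.168.2.x address.
# nat on $ext_if inet from $ext_if to any -> 192.168.2.0/24 source-hash

# round-robin steps through the pool as new states are created, so each new
# connection is translated to the next address in the netblock.
nat on $ext_if inet from $ext_if to any -> 192.168.2.0/24 round-robin

# Alternative: random picks an address from the netblock for each new state.
# Only one of these nat rules should be active, since the first match wins.
# nat on $ext_if inet from $ext_if to any -> 192.168.2.0/24 random

# Check (run as root):
#   pfctl -nf /etc/pf.conf   # parse only, do not load
#   pfctl -f /etc/pf.conf    # load the ruleset
#   pfctl -s nat             # show the loaded nat rules
#   pfctl -s state           # translated source address of each connection
```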