Date:      Thu, 18 Apr 2013 09:28:58 +0200
From:      Ermal Luçi <eri@freebsd.org>
To:        Radek Krejča <radek.krejca@starnet.cz>
Cc:        "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject:   Re: peer address over pf rdr
Message-ID:  <CAPBZQG3-LUktyszD49r12zbA6kGyuzME3N5fkHzOT-Drv20iPg@mail.gmail.com>
In-Reply-To: <B2E0472020754D45B72E9B0CE35278CAB6D82984CA@EXCHANGE.mail.starnet.cz>
References:  <B2E0472020754D45B72E9B0CE35278CAB6D82984CA@EXCHANGE.mail.starnet.cz>

On Thu, Apr 18, 2013 at 9:11 AM, Radek Krejča <radek.krejca@starnet.cz> wrote:

> Hello,
>
> In some cases I need to get the IP address of our customer over NAT to my
> www page (e.g. for stopping spam and giving our customer info). I wrote a
> daemon which listens on the port where the traffic of our customers is
> redirected (this is my testing rule):
>
>
> rdr proto tcp from 192.168.255.2 to any port 8009 -> 127.0.0.1 port 9000
>
> On port 9000 listens my daemon, which gets the IP address with this function:
>
> int Getpeerinfo (int sock, char **IP)
> {
>    struct sockaddr_in peer;
>    int porto;
>    socklen_t peer_len;
>    peer_len = sizeof(peer);
>    if (getpeername(sock, (struct sockaddr*)&peer, &peer_len) == -1) {
>       error("getpeername() failed");
>       return -1;
>    }
>
>    /* inet_ntoa() returns a static buffer, so copy the string out of it */
>    *IP = (char *)malloc(strlen((char *)(inet_ntoa(peer.sin_addr))) + 1);
>    if (*IP == NULL)
>       return -1;
>    strcpy(*IP, (char *)(inet_ntoa(peer.sin_addr)));
>    /* sin_port is in network byte order */
>    porto = (int)ntohs(peer.sin_port);
>    return 0;
> }
>
> If I connect to port 9000 directly, I get the right IP address, but over
> the redirect in pf the result is empty. It looks like pf destroys this
> information, or is my idea wrong?
>
>
Take a look at the squid daemon source code to see how it does a lookup on the
NAT translation table to extract the real customer IP.



> Thank you
>
> Radek



-- 
Ermal
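
The kind of state-table lookup the reply points to, as an added example that is not part of the original messages and is not squid's code: the daemon takes the 4-tuple of the accepted socket and asks pf, through the `DIOCNATLOOK` ioctl on `/dev/pf`, for the addresses recorded on the other side of the translation. It assumes FreeBSD or OpenBSD pf (`struct pfioc_natlook` from `<net/pfvar.h>`), IPv4 TCP and read access to `/dev/pf`; `conn_tuple`, `get_conn_tuple` and `pf_pre_translation` are names chosen for this example.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#if defined(__FreeBSD__) || defined(__OpenBSD__)
#include <net/if.h>
#include <net/pfvar.h>
#endif
/* Both ends of an accepted IPv4 TCP socket: the key used to search pf's state table. */
struct conn_tuple { struct sockaddr_in peer, local; };

int get_conn_tuple(int sock, struct conn_tuple *t)
{
    socklen_t len = sizeof(t->peer);
    if (getpeername(sock, (struct sockaddr *)&t->peer, &len) == -1) return -1;
    len = sizeof(t->local);
    if (getsockname(sock, (struct sockaddr *)&t->local, &len) == -1) return -1;
    if (t->peer.sin_family != AF_INET) { errno = EAFNOSUPPORT; return -1; }
    return 0;
}

/* Fill *pre with the address pair pf stored for this connection before translation:
 * pre->peer is the source, pre->local the destination the client originally dialled.
 * Returns 0, or -1 with errno set (ENOSYS where pf is not available). */
int pf_pre_translation(const struct conn_tuple *seen, struct conn_tuple *pre)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__)
    struct pfioc_natlook nl;
    int rc, pffd = open("/dev/pf", O_RDONLY);
    if (pffd == -1) return -1;
    memset(&nl, 0, sizeof(nl));
    nl.af = AF_INET; nl.proto = IPPROTO_TCP;
    nl.direction = PF_OUT;  /* assumption: retry with PF_IN if no state matches */
    nl.saddr.v4 = seen->peer.sin_addr;  nl.sport = seen->peer.sin_port;  /* network order */
    nl.daddr.v4 = seen->local.sin_addr; nl.dport = seen->local.sin_port;
    rc = ioctl(pffd, DIOCNATLOOK, &nl);
    close(pffd);
    if (rc == -1) return -1;  /* e.g. ENOENT: no matching state */
    memset(pre, 0, sizeof(*pre));
    pre->peer.sin_family = pre->local.sin_family = AF_INET;
    pre->peer.sin_addr = nl.rsaddr.v4;  pre->peer.sin_port = nl.rsport;
    pre->local.sin_addr = nl.rdaddr.v4; pre->local.sin_port = nl.rdport;
    return 0;
#else
    (void)seen; (void)pre; errno = ENOSYS; return -1;
#endif
}
```

Ports stay in network byte order throughout; convert with `ntohs()` only when printing or logging them.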


