From: husnu demir
To: Huzeyfe Onal
Cc: freebsd-pf@freebsd.org
Date: Thu, 9 Mar 2006 11:43:09 +0200
Subject: Re: dup-to - How works??

On Thu, Mar 09, 2006 at 11:32:30AM +0200, Huzeyfe Onal wrote:
> Hi,
> with these rules you send packets which are coming in on $int_if to the
> 10.0.0.1 host. Run PF on the 10.0.0.1 side and write a rule which logs the
> packets. Then you can see the packets with tcpdump -i pflog0 ...
>
> On 3/9/06, husnu demir wrote:
> >
> > Hi,
> >
> > I tried to duplicate the traffic to another interface by writing:
> >
> > int_if = "bge0"
> > dup_if = "bge1"
> > dup_ip = "10.0.0.1"
> >
> > block all
> > pass in on $int_if dup-to ($dup_if $dup_ip)
> >
> > pass all keep state
> >
> > This is just a simple ruleset. I just want to show the case. Since the
> > last statement is valid, all the packets get through the last statement
> > and the dup-to rule is not used at all. If I put a quick keyword, which is
> > not what I want, all the traffic is route-to there (bge1) but no other
> > traffic passes.
> >
> > The logic that I need is this: I want to copy all the traffic that the
> > rule implies to dup_if and then have the traffic go through the other PF
> > rules in the list and get routed.
> >
> > Can you help me? I could not solve the problem :(
> >
> > Husnu Demir.

Yes, I understand the logic behind dup-to. I added all the pass statements to the dup-to statement, so that if the packet matches the rule it is also dup-to where I want. At first, I thought that I would write a rule to dup all the traffic and then PF would continue to proceed with the next rule statement. I understand that is not the situation :))

Thanks, and sorry to disturb you.

Husnu Demir.
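
The behaviour worked out in this thread, as an added example that is not part of the original messages: pf applies the last matching rule, so dup-to only takes effect when it is on the rule that finally decides the packet. The macros reuse the values from the thread; the rule ordering in the corrected half is one possible arrangement, not the poster's actual ruleset.

```conf
# Added example, not from the thread. Macros reuse the thread's values.
int_if = "bge0"
dup_if = "bge1"
dup_ip = "10.0.0.1"

# --- Ruleset as posted: dup-to never takes effect ---
# pf is last-match-wins. Every packet entering on $int_if also matches the
# final "pass all", so that rule (which carries no dup-to) decides the
# packet and the dup-to rule above it is overridden.
#   block all
#   pass in on $int_if dup-to ($dup_if $dup_ip)
#   pass all keep state

# --- Corrected: dup-to is on the rule that makes the final decision ---
block all

# General policy for everything else (other interfaces, outbound traffic).
pass all keep state

# Last matching rule for traffic entering on $int_if: a copy goes to
# $dup_ip via $dup_if, and the original packet is still passed and routed
# normally. With several pass rules for $int_if, each of them needs its
# own dup-to option, as the poster concluded.
pass in on $int_if dup-to ($dup_if $dup_ip) all keep state
```

The file can be parsed without loading it with `pfctl -nf`, and `pfctl -vsr` shows per-rule counters, which tell you whether the dup-to rule is the one actually matching.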