From owner-freebsd-pf@FreeBSD.ORG Sat Mar 19 14:20:19 2011
Message-ID: <4D84BBA0.40208@gibfest.dk>
Date: Sat, 19 Mar 2011 15:20:16 +0100
From: Thomas Steen Rasmussen
To: Melissa Jenkins
Cc: freebsd-pf@freebsd.org
Subject: Re: PFsync & RDR/NAT
References: <20110131112244.839B610656A8@hub.freebsd.org> <9C34D3E1-5F82-461B-AD1D-9BD7402D794E@littlebluecar.co.uk> <4D838372.2060401@gibfest.dk> <64167BE5-C27D-415C-A490-0953DC30B6DD@littlebluecar.co.uk>
In-Reply-To: <64167BE5-C27D-415C-A490-0953DC30B6DD@littlebluecar.co.uk>
On 19.03.2011 09:46, Melissa Jenkins wrote:
> Hi Thomas,
>
> I wish it was that simple :(
>
> If I add it to the rdr I get an error loading the file:
> rdr pass on $if proto udp from to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)
>
> pf.conf:124: syntax error
>
> If I put it on the pass rule it doesn't stop the state from being synchronised... I'm guessing because the state was created by the RDR rule. I've tried in FreeBSD 8.0 & 8.1
>

Hello,

You need to remove the "pass" keyword from the RDR rule and make an explicit "pass" rule with the no-state keyword.

So instead of:

rdr pass on $if proto udp from to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)

You do:

rdr on $if proto udp from to any port 53 -> 127.0.0.1 port 53
pass in on $if inet proto udp from to 127.0.0.1 port 53 keep state (no-sync)

Let me know how it works out.

Best regards

Thomas Steen Rasmussen

ps. Please don't top-post :)
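The rule pair from the reply above, placed in the context of a complete pfsync/CARP pair, as an added example that is not part of the original thread and not Thomas's or Melissa's configuration. The interface names, the $lan_net macro and the pfsync/CARP pass rules are assumptions for illustration; the thread only shows the rdr and pass lines with the source address missing.

```pf
# Assumed interface layout (not from the thread)
ext_if  = "em0"
int_if  = "em1"
sync_if = "em2"               # dedicated pfsync link between the two nodes
lan_net = "192.168.1.0/24"    # assumed client network

# Keep the cluster's own traffic off the state table sync: the peer
# must not learn pfsync/CARP states from us.
pass quick on $sync_if proto pfsync keep state (no-sync)
pass on { $ext_if $int_if } proto carp keep state (no-sync)

# Wrong (pf.conf: syntax error): a translation rule does not accept
# state options, so "keep state (no-sync)" cannot go on "rdr pass".
# rdr pass on $int_if proto udp from $lan_net to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)

# Right: plain rdr, then an explicit pass rule that creates the state.
# Translation happens before filtering, so the pass rule must match the
# translated destination (127.0.0.1), and because this rule is the one
# creating the state, its (no-sync) option is what keeps the state out
# of pfsync. A state pointing at 127.0.0.1 is meaningless on the peer anyway.
rdr on $int_if proto udp from $lan_net to any port 53 -> 127.0.0.1 port 53
pass in on $int_if inet proto udp from $lan_net to 127.0.0.1 port 53 keep state (no-sync)
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; the syntax error Melissa saw is reported at parse time, so the dry run catches the misplaced state option without touching the running ruleset.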