Date: Sat, 19 Mar 2011 08:46:33 +0000
From: Melissa Jenkins <melissa-freebsdstable@littlebluecar.co.uk>
To: freebsd-pf@freebsd.org
Subject: Re: PFsync & RDR/NAT
Message-ID: <64167BE5-C27D-415C-A490-0953DC30B6DD@littlebluecar.co.uk>
In-Reply-To: <4D838372.2060401@gibfest.dk>
References: <20110131112244.839B610656A8@hub.freebsd.org> <9C34D3E1-5F82-461B-AD1D-9BD7402D794E@littlebluecar.co.uk> <4D838372.2060401@gibfest.dk>

Hi Thomas,

I wish it was that simple :(

If I add it to the rdr I get an error loading the file:

rdr pass on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)
pf.conf:124: syntax error

If I put it on the pass rule it doesn't stop the state from being synchronised... I'm guessing because the state was created by the RDR rule.

I've tried in FreeBSD 8.0 & 8.1

Mel

On 18 Mar 2011, at 16:08, Thomas Steen Rasmussen wrote:

> On 18.03.2011 12:31, Melissa Jenkins wrote:
>> Hiya,
>>
>> I was wondering if anybody knew how to stop the states generated by RDR and NAT rules from synchronising over PFSYNC?
>>
>> In particular I have an RDR for DNS traffic. The states this produces don't need to be synchronised between the two machines, but I can't figure out how to stop this. Adding the (no state) flags to the pass rule doesn't stop the states from being synchronised.
> Hello,
>
> You need the no-sync keyword on the state options,
> check man pf.conf(5).
>
> Best regards
>
> Thomas Steen Rasmussen