On 12/10/05, Tamas TEVESZ <[EMAIL PROTECTED]> wrote:
[snip]
> , what's the correct syntax for logging in a nat(/binat/rdr) rule?
> "nat on pcn0 from 192.168.1.0/24 to any -> (pcn0)" works fine,
> "nat log on pcn..." gives a syntax error).
>
> If the diff below is correct, how can one log nats/rdrs/binats as they
> happen?
[snip]

I interpret it as meaning that you need a "pass" before the log ;)

-------- man pf.conf of 3.8 current -------
rdr-rule = [ "no" ] "rdr" [ "pass" [ "log" [ "(" logopts ")" ] ] ]
           [ "on" ifspec ] [ af ]
------------ end -------

With the "pass" it gives no syntax errors.

EXT_NIC = fxp0
rdr pass log on $EXT_NIC inet proto tcp from ! self to $EXT_NIC port 2222 tag IN_OK -> $EXT_NIC port ssh

pfctl -s nat
rdr pass log on fxp0 inet proto tcp from ! 127.0.0.1 to 192.168.222.69 port = 2222 tag IN_OK -> 192.168.222.69 port 22
rdr pass log on fxp0 inet proto tcp from ! 192.168.222.69 to 192.168.222.69 port = 2222 tag IN_OK -> 192.168.222.69 port 22

=Adriaan=
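Editor's worked example (added here, not part of either message): the same "pass log" form applied to all three translation rule types in the pre-4.7 pf syntax this 2005 thread uses, plus the check a practitioner would run afterwards. Interface names, addresses and the table name are placeholders. The second half illustrates what Adriaan's own pfctl -s nat output shows: "from ! self" on a host with two addresses is expanded into two rules, each negating one address, so a packet from either address still matches the other rule and nothing is excluded; pf.conf(5) discourages negating address lists for exactly this reason, and negating a single address or a table avoids the expansion. Note that from OpenBSD 4.7 on, nat/binat/rdr are no longer separate rules but nat-to/binat-to/rdr-to options on match and pass rules, where "log" is simply the rule's own log keyword.

```conf
# Added example, not code from the original thread.  Pre-OpenBSD 4.7 pf
# syntax (nat/binat/rdr as separate translation rules), following the 3.8
# grammar quoted above.  All interface and address values are placeholders.
ext_if = "fxp0"
int_if = "pcn0"
lan    = "192.168.1.0/24"
sshd   = "192.168.1.10"

# On translation rules "log" is only accepted after "pass":
# "nat log on $ext_if ..." (without "pass") is the form that gives the
# syntax error from the question.
nat   pass log on $ext_if from $lan to any -> ($ext_if)
binat pass log on $ext_if from $sshd to any -> 203.0.113.10
rdr   pass log on $ext_if inet proto tcp from any to ($ext_if) port 2222 -> $sshd port ssh

# logopts are allowed as on filter rules, e.g. log every packet of the
# state instead of only the first one:
rdr pass log (all) on $ext_if inet proto tcp from any to ($ext_if) port 8080 -> $sshd port 80

# The gotcha visible in the reply's pfctl -s nat output: with addresses
# 127.0.0.1 and 192.168.222.69 on the host, "from ! self" is expanded into
#     from ! 127.0.0.1     and     from ! 192.168.222.69
# A packet from 127.0.0.1 fails the first rule but matches the second, and
# vice versa, so the negation excludes nothing.  Negate a table (a single
# rule with one lookup) or a single address instead:
table <lan_hosts> { 192.168.1.0/24 }
rdr pass log on $ext_if inet proto tcp from ! <lan_hosts> to ($ext_if) port 2222 -> $sshd port ssh

# Checks:
#   pfctl -nf /etc/pf.conf        parse only, no load; catches the syntax error
#   pfctl -s nat                  shows the loaded translation rules after expansion
#   tcpdump -n -e -ttt -i pflog0  shows the logged translations as they happen
```

The table form is the one to keep when the exclusion matters, because "pfctl -s nat" will show it as one rule rather than one rule per negated address.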