On Sun, Apr 10, 2005 at 11:18:58PM -0400, Michael W. Lucas wrote:
> Hi,
>
> I'm trying to duplicate packets matching one particular rule.
>
> Background: I have softflowd running on OpenBSD 3.5 i386. This is
> exporting flows to a logging host. Works beautifully.
>
> The old logging host is being replaced. I would like to run the two
> logging hosts in parallel temporarily, until I'm sure all the bugs are
> out of the new one.
>
> While I could fire up a second instance of softflowd, it seems like
> this would be a good application of dup-to. I don't want to duplicate
> the entire mass of traffic going through this box, just the netflow
> packets.
>
> pass out on $int_if proto udp from any to a.b.c.251 port 8641 dup-to ($int_if
> a.b.c.252)
>
> (port number changed to protect the guilty, of course)
>
> pfctl -nf gives me a syntax error on line 80, but won't be specific on
> what the problem is.
>
> Any suggestions? Or am I just outright misunderstanding dup-to?

dup-to goes in the same spot as route-to and reply-to, so:

pass out on $int_if dup-to ($int_if a.b.c.252) inet proto udp \
    from any to a.b.c.251 port = 8641

appears to be the correct syntax here (3.6 GENERIC#0 sparc64)

-j

--
"Contestant: I'll take the dying boy to block.
Tom Bergeron: Ok, Jeremy... is there anything lower than absolute zero?
Jeremy: Uhh, yeah... my white cell count."
--Family Guy