On Fri, Dec 18, 2009 at 10:53:40AM +0200, Peter Todorov (pmi...@gmail.com) wrote > Hi Chris, > Can he just edit the conf file on hand and bypass webgui?
Not quite that easy. I took a look at the code, and pfSense doesn't keep the raw pf conf file, but rebuilds it out of its own xml config at every reload, and the code that does that (filter.inc) has "any" hardwired as source address. I took a stab at hacking filter.inc and modified it so that if there's <source-address> modifier in the nat rule, it uses it as source in the rdr entry. I tested it with backup/restore: backed config up, added <source-address> entry, restored, and it seems to work. Somewhat surprisingly the rule even survived adding another NAT rule from the GUI. This is not exactly convenient, however, and I haven't taken a look at the GUI code to see how hard it'd be to make necessary changes there. -- Tapani Tarvainen --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org