List Info

Thread: using pf to emulate different source ip's
using pf to emulate different source ip's
user name
 2008-03-05 12:39:01 
Hi,


I'm testing a device with application layer firewall and one
of the features
requires HTTP connection from multiple IP-addresses.
Device logs clients ip addresses and then depending on
statistic calculation
tries to do smth with such kind of requests in future (block
or pass for
example)
Device directly connected to machine with Freebsd 7.0 + pf


Is it possible to  rewrite source ip addresses with pf?
Is it possible to  pick up  source  ip addresses from table
or list
randomly/round robin?

I.ve tried to play with nat rules like
nat on $ext_if inet from $ext_if to any -> 192.168.2.0/24
source-hash
but there was no much success.



Please CC me when answering.

p.s.
Currently what i.m doing is simply changing interface ip
address by ifconfig
command before each HTTP request.


Thanks in advance
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
Re: using pf to emulate different source ip's
country flaguser name
Russian Federation		 2008-03-19 06:10:03 

  


  

    
  

  
  
   
     
    

  

    Re: using pf to emulate different source
ip's
  


  

     user name

     2008-03-19 11:49:37
  


  

    
On Wed, Mar 5, 2008 at 7:39 PM, Kuat Eshengazin
<eskuatgmail.com> wrote:
> Hi,
>
>
>  I'm testing a device with application layer firewall
and one of the features
>  requires HTTP connection from multiple IP-addresses.
>  Device logs clients ip addresses and then depending on
statistic calculation
>  tries to do smth with such kind of requests in future
(block or pass for
>  example)
>  Device directly connected to machine with Freebsd 7.0
+ pf
>
>
>  Is it possible to  rewrite source ip addresses with
pf?
>  Is it possible to  pick up  source  ip addresses from
table or list
>  randomly/round robin?
>
>  I.ve tried to play with nat rules like
>  nat on $ext_if inet from $ext_if to any ->
192.168.2.0/24 source-hash
Try it this way.
nat on $interface from self  to any -> $iptouse
source-hash

>  but there was no much success.
>
>
>
>  Please CC me when answering.
>
>  p.s.
>  Currently what i.m doing is simply changing interface
ip address by ifconfig
>  command before each HTTP request.
>
>
>  Thanks in advance
>  _______________________________________________
>  freebsd-pffreebsd.org mailing list
>  
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>  To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
>
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"



  


  

    
  

  
  
   
     
    






 [1-3]











   
 





about | contact  Other archives ( Real Estate discussion Medical topics )