On Thu, Mar 09, 2006 at 11:32:30AM +0200, Huzeyfe Onal wrote: > Hi, > with these rules you sent packets which coming from on $int_if, to > 10.0.0.1host, run PF at > 10.0.0.1 side and write a rule which log the packets. Then you can see the > packets with tcpdump -i pflog0 ... > > > > On 3/9/06, husnu demir <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > I tried to duplicate the traffic to another interface by writing ; > > > > > > inf_if = "bge0" > > dup_if = "bge1" > > dup_ip = "10.0.0.1" > > > > > > > > block all > > pass in on $int_if dup-to ($dup_if $dup_ip) > > > > pass all keep state > > > > > > > > > > This is just a simple ruleset. I just want to show the case. Since the > > last statement is valid all the packets get through the last statement and > > dup-to rule is not used at all. If I put a quick keword which is not what I > > want all the traffic route-to there (bge1) but no other traffic pass. > > > > The logic that I need is that: I want to copy all the traffice that rule > > implies to dup_if and then pass the traffic goes through the other PF rules > > in the list and get routed. > > > > > > Can you help me. I could not solved the problem :( > > > > Husnu Demir.
Yes, I understand the logic behind dup-to. I added all the pass statements to dup-to statement. So that if the packet matches the rule it also dup-to where I want. I, at first, thought that I will write a rule to dup all the traffic then PF will continue to proceed with the next rule statement. I understand that is not the situation :)) Thanks, and sorry about disturb you. Husnu Demir. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
