
Re: rdr pass, max-src-conn



On Wed, Sep 07, 2005 at 07:37:04PM +0100, ed wrote:
> On Wed, 7 Sep 2005 20:25:54 +0200
> Daniel Hartmeier <[email protected]> wrote:
> 
> > > rdr on $ext_if proto tcp from any to 1.2.3.4 port 80 -> 10.10.10.10
> > > pass on $ext_if proto tcp from any to 1.2.3.4 port {80,3389}
> > 
> > Packets will have their destination address replaced with 10.10.10.10
> > when filter rules are evaluated (translation always happens first).
> > 
> > So the pass rule needs to be "to 10.10.10.10" instead of "to 1.2.3.4".
> 
> Thanks I'll give this a go. Is there much chance of the two rules being
> combined to a single rdr pass ( max-src-conn etc ) in the future?

You can use tags for that:

rdr on $ext_if proto tcp from any to 1.2.3.4 port 80 tag MYTAG -> 10.10.10.10
pass on $ext_if proto tcp tagged MYTAG keep state

The pass will match the rdr rule exactly and you can specify any options there.

Can
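
The tag approach from this thread with the connection limits the subject line asks about, as an added example that is not part of the original posts and uses the same rdr/pass syntax as the thread. The interface name, the table name <abusers>, the default block rule and all limit values are assumptions chosen for illustration.

```pf
# Constructed example: names and limits below are assumptions, not from the thread.
ext_if = "em0"                      # assumed external interface

# Sources that exceed the limits are added here by the overload option.
table <abusers> persist

# Translation is evaluated first: the destination becomes 10.10.10.10 and
# the packet is marked with MYTAG so the filter rule can identify it.
rdr on $ext_if proto tcp from any to 1.2.3.4 port 80 tag MYTAG -> 10.10.10.10

# Assumed default-deny policy on the external interface.
block in on $ext_if

# Drop sources that were overloaded earlier; quick stops evaluation here.
block in quick on $ext_if from <abusers>

# Matches only packets tagged by the rdr rule above, so no address or port
# needs to be repeated. Per-source limits:
#   max-src-conn       simultaneous established TCP connections per source
#   max-src-conn-rate  new connections per source per interval (count/seconds)
#   overload/flush     add the offender to <abusers> and kill its states
pass in on $ext_if proto tcp tagged MYTAG flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
     overload <abusers> flush global)
```

pfctl -nf on the file checks the syntax without loading it. max-src-conn only counts connections that have completed the TCP handshake, so it applies to TCP rules with state.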