
PF - traffic count and transparent proxy


everything I did a traffic count with a transparent
proxy without any problems. In the new PF I found
such a function as tables. I made 6 counters: to/from
local, to/from backbone and to/from other nets.

Now my pf.conf looks like this:

table <ua-ix> persist file "/etc/squid/ua-ix.tbl"
pass in on fxp1 from to ! <ua-ix>
pass in on fxp1 from to 192.168/16
pass in on fxp1 from to <ua-ix>
pass out on fxp1 from ! <ua-ix> to
pass out on fxp1 from 192.168/16 to
pass out on fxp1 from <ua-ix> to

With the default statement order of rulesets (options,
normalization, queueing, translation, filtering),
when the redirect function is enabled

rdr on fxp1 proto tcp from any to any port 80 -> port 3148

all packets from for port 80 have their real
destination address changed to a proxy address BEFORE
they are counted. The counters lie.

When redirect is disabled, everything counts right,
but the proxy is inactive.

Here is my question:

Is there a way to set a "translation" AFTER "filtering"?

Thanks, vlader
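
The miscount described in this message, modelled as an added example that is not part of the original post: a small Python simulation of the three "pass in" rules, evaluated with pf's last-matching-rule-wins semantics, with and without the rdr rewrite applied first. The table contents, the packets and the proxy address 127.0.0.1 are constructed assumptions; the page gives only the port 3148.

```python
import ipaddress

# Constructed sample data: the real contents of /etc/squid/ua-ix.tbl are not on the page.
UA_IX = [ipaddress.ip_network("198.51.100.0/24")]
LOCAL = ipaddress.ip_network("192.168.0.0/16")
PROXY_ADDR = ipaddress.ip_address("127.0.0.1")   # assumed rdr target address
PROXY_PORT = 3148                                # port from the rdr rule

def in_ua_ix(addr):
    return any(addr in net for net in UA_IX)

# The three "pass in" rules in pf.conf order; without "quick" the last match wins.
RULES = [
    ("other", lambda dst: not in_ua_ix(dst)),    # to ! <ua-ix>
    ("local", lambda dst: dst in LOCAL),         # to 192.168/16
    ("ua-ix", lambda dst: in_ua_ix(dst)),        # to <ua-ix>
]

def rdr(dst, port):
    """Model of the rdr rule: rewrite the destination of port-80 traffic."""
    if port == 80:
        return PROXY_ADDR, PROXY_PORT
    return dst, port

def count_bytes(packets, translate_first):
    """Sum bytes per counter; translate_first=True models translation before filtering."""
    totals = {name: 0 for name, _ in RULES}
    for dst, port, size in packets:
        dst = ipaddress.ip_address(dst)
        if translate_first:
            dst, port = rdr(dst, port)
        matched = None
        for name, pred in RULES:
            if pred(dst):
                matched = name                   # keep going: last matching rule wins
        if matched:
            totals[matched] += size
    return totals

# Constructed packets: (destination, destination port, bytes)
PACKETS = [
    ("198.51.100.7", 80, 1000),   # web traffic to a <ua-ix> host
    ("203.0.113.9", 80, 500),     # web traffic to another net
    ("198.51.100.7", 25, 200),    # non-web traffic to a <ua-ix> host
    ("192.168.1.5", 22, 50),      # local traffic
]

if __name__ == "__main__":
    print("rdr before filter:", count_bytes(PACKETS, True))
    print("no rdr:           ", count_bytes(PACKETS, False))
```

With the rewrite applied first, all port-80 bytes land in the "other" counter because the filter rules only ever see the proxy address as the destination.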