PF: NAT translations logging

moffet

Guest
Hi everyone.
I'm trying to log NAT translations done by PF.
I've already tried "nat log on ...." but this only logs packets AFTER they've been translated, so information about the source is lost.

But there's something called pfsync, which is a virtual network interface used to synchronize PF states among firewalls. The packets that go through this interface carry all the necessary information about NAT translations.

Do you guys have any experience with how to use this feature, not to send states among firewalls, but to log NAT states to a file (pflog, for example)? I was thinking about something like "ifconfig pfsync0 syncdev pflog0 ..." but the man page says the synchronized interface must have an IP address assigned.

Thank you.
 