Netgate Discussion Forum

    Sourcebased nat?

    1.2.1-RC Snapshot Feedback and Problems-RETIRED

      mastrboy

      Will source-based NAT be supported in the GUI for 1.2.1?

      If not, could someone point me to information for adding custom rules by shell or something?

        nocer

        Hi.

        /etc/inc/filter.inc will help you.

        cheers,

          mastrboy

          thanks.. was hell going through 3000+ lines  :P

          But I solved my problem.. posting it here so maybe others looking for the same issue can resolve it too..

          NAT from the GUI in pfSense did not redirect properly to my external transparent Squid box; every log entry would show all traffic coming from the pfSense box. I did not want this. To fix:

          edit /etc/inc/filter.inc
          around line 623 add:

                  # custom squid rules: 
                  $natrules .= "no rdr on em1 inet proto tcp from any to 192.168.0.0/24 port 80\n";
                  $natrules .= "rdr pass on em1 inet proto tcp from any to any port 80 -> 192.168.0.100 port 8080\n";
          

          Remember to change IPs, ports and interface names.

          If you use SafeSquid, you cannot access its webconfig by just typing safesquid.cfg when it's in transparent mode. You can access the webconfig at:
          http://safesquid.cfg:$PORT/safesquid.cfg, in my case that would be http://safesquid.cfg:8080/safesquid.cfg
          You also have to add a DNS entry for safesquid.cfg pointing to your proxy IP or else you won't be able to log in to SafeSquid, not sure why…

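The order of the two lines in the post above matters: pf evaluates translation rules first-match, so the `no rdr` exemption has to be seen before the catch-all `rdr`. The sketch below is an added example, not part of the original post and not pfSense code; it models only the small subset of rdr syntax in those two lines, and the test addresses 203.0.113.10 and 192.168.0.50 are constructed.

```python
import ipaddress

# The two lines from the post, without the PHP string wrapping.
RULES = [
    "no rdr on em1 inet proto tcp from any to 192.168.0.0/24 port 80",
    "rdr pass on em1 inet proto tcp from any to any port 80 -> 192.168.0.100 port 8080",
]

def parse(rule):
    """Parse only the subset of pf rdr syntax used in RULES (not a full pf parser)."""
    match_part, _, target = rule.partition(" -> ")
    tok = match_part.split()
    dst = tok[tok.index("to") + 1]
    parsed = {
        "exempt": tok[0] == "no",                 # "no rdr": stop, do not translate
        "iface": tok[tok.index("on") + 1],
        "net": None if dst == "any" else ipaddress.ip_network(dst),
        "port": int(tok[tok.index("port") + 1]),
        "target": None,
    }
    if not parsed["exempt"]:
        host, _, port = target.split()            # "192.168.0.100 port 8080"
        parsed["target"] = (host, int(port))
    return parsed

def translate(rules, iface, dst_ip, dst_port):
    """Return the (ip, port) a TCP packet ends up with; first matching rule wins."""
    for r in map(parse, rules):
        if r["iface"] != iface or r["port"] != dst_port:
            continue
        if r["net"] is not None and ipaddress.ip_address(dst_ip) not in r["net"]:
            continue
        return (dst_ip, dst_port) if r["exempt"] else r["target"]
    return (dst_ip, dst_port)                     # no rule matched: untouched

if __name__ == "__main__":
    # Constructed test packets arriving on em1.
    for dst in [("203.0.113.10", 80), ("192.168.0.50", 80), ("203.0.113.10", 443)]:
        print(dst, "->", translate(RULES, "em1", *dst))
    # Reversed rule order: the exemption is never reached.
    print(translate(RULES[::-1], "em1", "192.168.0.50", 80))
```

With the rules in the posted order, web traffic to hosts inside 192.168.0.0/24 is left alone and everything else on port 80 goes to the proxy; with the order reversed, local web traffic is sent to the proxy as well.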
            nocer

            Hehehe… now you know what you must look at first. In fact, "$natrules" and "$ipfrules" are the key for pfSense to create its own rules.
            There is also a copy of the running rules, rules.debug, in your /tmp. This helps you too.

            It is always the best way to sneak around the code; that will definitely help you understand how pfSense works. ;)

            Happy hacking!  ;D

            BTW. 3000+ ??? mine is only 2912 lines;

            wc -l /etc/inc/filter.inc

            2912 /etc/inc/filter.inc

            I'm running 1.3-AA so there must have been some clean up of the code. :) :) :)

            @mastrboy:

            thanks.. was hell going through 3000+ lines  :P

              mastrboy

              running 1.2, nano counts the lines: [ line 1/3316 (0%), col 1/6 (16%), char 0/120318 (0%) ]
