# PF + authpf



## akil (Jun 28, 2013)

Hi,

I have been playing a lot with authpf, and there is one thing which I don't understand. Here is my authpf.rules

```
ext_if = "em0"
ext_addr_net="(" $ext_if:network ")"
ext_addr="(" $ext_if:0 ")"

rdr pass on $ext_if proto { tcp, udp } from any to $ext_addr port 999 -> 127.0.0.1 port 5900

pass in quick on  $ext_if from $user_ip to any
pass out quick on $ext_if from any to $user_ip
```
* Don't care about *any* in the RDR rule, it is only for testing purposes.

Here is pf.conf

```
table <authpf_users> persist
#rdr pass on $ext_if proto { tcp, udp } from <authpf_users> to $ext_addr port 999 -> 127.0.0.1 port 5900
pass in on $ext_if from <authpf_users> to ($ext_if)
anchor "authpf/*"
```

If I don't have a special rule which is commented ("#rdr pass * port 999 *") I can't connect to my VNC, keep in mind that I authorized with my special user account (shell authpf). If I unmark this #rdr line, everything works like a charm. The question is why? I don't get it, authpf.rules has its own rule to redirect me to a special port!

Another strange behavior I've observed with the statistics: all my connections after authorization don't hit any of the authpf rules.

```
pfctl -a 'authpf/USER(PID)' -sr -vv
@0 pass in quick on em0 inet from USER_IP to any flags S/SA keep state
  [ Evaluations: 1748      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 4001 pid 8090 State Creations: 0     ]
@1 pass out quick on em0 inet from any to USER_IP flags S/SA keep state
  [ Evaluations: 1716      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 4001 pid 8090 State Creations: 0     ]

pfctl -a 'authpf/USER(PID)' -sn -vv
@0 rdr pass on em0 inet proto tcp from any to (em0:0:1) port = garcon -> 127.0.0.1 port 5900
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 4001 pid 8090 State Creations: 0     ]
@1 rdr pass on em0 inet proto udp from any to (em0:0:1) port = applix -> 127.0.0.1 port 5900
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 4001 pid 8090 State Creations: 0     ]
```

Applix and Garcon refer to port 999.

Maybe I've done something wrong?


----------



## akil (Jun 28, 2013)

Next time I will read authpf(8) two times before I post such a question. It is solved.


```
rdr-anchor "authpf/*" from <authpf_users>
```


----------
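For reference, this is what a complete pf.conf for the setup in this thread looks like once the `rdr-anchor` is in place. It is an added example, not configuration from either post: it uses the older rdr/nat syntax the thread uses (FreeBSD pf, or OpenBSD before 4.7) and keeps `em0`, the `<authpf_users>` table and port 999 from the posts; the default block, the ssh rule and `set skip on lo0` are assumptions added so the file is complete.

```pf
# Added example pf.conf (not from the posts). Assumes the older rdr/nat syntax used in
# the thread (FreeBSD pf, OpenBSD before 4.7), em0 as the external interface and a VNC
# server listening on 127.0.0.1:5900 as in the original authpf.rules.
ext_if = "em0"

# authpf adds the authenticated user's address here and removes it on logout.
table <authpf_users> persist

set skip on lo0                 # assumption: loopback is not filtered

# Translation section. Translation rules (rdr/nat/binat) loaded into an anchor are
# only evaluated through a matching translation anchor in the main ruleset; a plain
# "anchor" line attaches filter rules only. That is why the per-user "rdr pass"
# showed "Evaluations: 0" in the thread until this line existed. The
# "from <authpf_users>" part means packets from hosts that have not authenticated
# never reach the per-user redirect at all.
rdr-anchor "authpf/*" from <authpf_users>

# Filter section. Default deny on the outside interface (assumption, added for completeness).
block in on $ext_if

# Assumption: users must reach sshd to run the authpf shell before they are in the table.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh

# Once authenticated, the user may talk to the gateway itself (including the redirected port 999).
pass in on $ext_if from <authpf_users> to ($ext_if)

# Per-user filter rules (the "pass in/out quick" lines in authpf.rules) attach here.
anchor "authpf/*" from <authpf_users>
```

Note the ordering: in this syntax the translation anchor has to sit in the translation section, before any `block`/`pass` rules, or pfctl refuses the file. Parse it with `pfctl -nf /etc/pf.conf` before loading; after a user has authenticated, `pfctl -a 'authpf/USER(PID)' -sn -vv` should now show the evaluation counters on the per-user rdr rules moving. If the per-user rules ever contain `nat` or `binat` rules, they need a `nat-anchor "authpf/*"` or `binat-anchor "authpf/*"` line in the same way.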

