rdr + bridge
Sergey Lyubka
ioannvelikiy at yahoo.com
Fri Oct 15 09:25:38 PDT 2004
I am trying to set up a transparent proxy.
The box has two interfaces,
em0 (0.0.0.0, outside interface)
em1 (10.0.0.3, inside interface)
pf and bridge are running on the box.
The proxy is running on the box, listening on 127.0.0.1:8080.
This is the pf.conf:
------------------
int_if="em1"
ext_if="em0"
rdr on $int_if inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
pass in
pass out
-------------------
But when I try to access any site from the inside,
I see packets emitted by em0 which have destination address
127.0.0.1:8080.
The proxy does not receive anything.
nfa# sysctl -a | grep bridge
net.link.ether.bridge_cfg: em0,em1
net.link.ether.bridge_ipfw: 1
net.link.ether.bridge_ipf: 1
net.link.ether.bridge.config: em0,em1
net.link.ether.bridge.enable: 1
net.link.ether.bridge.predict: 45
net.link.ether.bridge.dropped: 0
net.link.ether.bridge.packets: 80
net.link.ether.bridge.ipfw_collisions: 0
net.link.ether.bridge.ipfw_drop: 0
net.link.ether.bridge.copy: 0
net.link.ether.bridge.ipfw: 1
net.link.ether.bridge.ipf: 1
net.link.ether.bridge.debug: 0
net.link.ether.bridge.version: 031224
nfa# uname -a
FreeBSD nfa 5.3-BETA7 FreeBSD 5.3-BETA7 #20: Fri Oct 15 15:41:14 UTC 2004 root at valenok.netfort-iss.com:/usr/obj/usr/src/sys/MANAGER i386
Any ideas?
More information about the freebsd-pf
mailing list