can't add a port forwarding

Bastien Semene bsemene at
Tue Nov 4 07:56:39 PST 2008

Hi everyone,

I'm currently facing a weird problem. I have a pf box acting as a 
gateway for some services and want to add a port forwarding for https.

So I added the following rule :

rdr pass on $ext_if proto tcp from any to any port 443 -> $atlas_ip  
//variables are correct since I have a similar rule for port 80.

The "pfctl -s nat" shows this :

nat on bge0 inet from to any -> "external_interface_ip"
rdr pass on bge0 inet proto tcp from any to any port = http ->
rdr pass on bge0 inet proto tcp from any to any port = https ->

An Nmap from outside shows this :

# nmap -P0 -p80,443,17900 "external_interface_ip"

Starting Nmap 4.20 ( ) at 2008-11-04 16:22 CET
Interesting ports on "external_interface_ip":
80/tcp        open         http
443/tcp      closed      https
17900/tcp filtered      unknown

I tried reloading pf rules with "pfctl -F all -f /etc/pf.conf", 
restarting the machine, but nothing changed. The securelevel is also at 
-1, so pf should take the changes into account.
And of course the destination https server receives nothing on https port.
http and preconfigured nat/forwards works perfectly.

I tried to comment the "scrub in all" option, but because the rdr line 
doesn't seem to be affected, I'm not sure this one is.

If someone has an idea or direction to follow I take every piece of thought.
Thanks all.

More information about the freebsd-pf mailing list