Extremely simple redirect rule doesn't appear to be working
tt-list at simplenet.com
Sat Jul 4 07:48:32 UTC 2009
Thank you for your response.
My rules are ok, because I have no other rules than that one, and I ran
the syntax checker on it...
I am indeed running 7.0, so I guess I could update the sources on that
machine to 7.1 and rebuild pf.
Balázs Mátéffy wrote:
> Hi there,
> I think you should check pfctl -sr and pfctl -sn that your rules are ok, and
> you don't deny that traffic explicitly.
> However, I don't want to start a war, but on a machine I experienced that
> with FreeBSD 7.0 or 7.1 the pf redirections didn't work, after a minor
> release update, the problem went away with the same ruleset! (I think it was
> 7.0 and updated to 7.1 to get it working again)
> But rdr pass should add the permitting access rule for your redirection.
> Maybe logging can help you too: http://www.openbsd.org/faq/pf/logging.html
> Hope this helps!
> Best Regards,
> 2009/7/2 Tim Traver <tt-list at simplenet.com>
>> Hi all,
>> ok, I'm a little new to messing around with pf, but have come up for a need
>> that it sounds like it should be able to solve.
>> I want to be able to redirect outgoing http requests from the box back to
>> local addresses on the box...
>> In reading up, it appears that the redirect config line should do that, and
>> in testing, I have a simple line like this in the pf.conf
>> rdr pass inet proto tcp from any to 126.96.36.199 port 80 -> [internal
>> address here] port 80
>> now, I haven't made that internal address be an address on the local box
>> yet, cause I'm testing to see how this works...
>> I can manually telnet to [internal address here] port 80 with no problems
>> and get the apache greeting.
>> Once I turn on and load the pf.conf file (with pfctl -F all -f
>> /etc/pf.conf), and I try to telnet to 188.8.131.52 port 80 (generic
>> www.yahoo.com), I don't get redirected to the internal address port 80 and
>> get the apache greeting that is expected...
>> I did turn on port forwarding as per the instructions for NAT, although it
>> didn't say if it was needed for rdr.
>> in netstat, I see it trying to actually reach the outside IP, which it can't,
>> so the translation didn't appear to take effect...
>> am I missing something ?
>> freebsd-pf at freebsd.org mailing list
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"