PF Traffic Redirection issues
Spas Karabelov
st0ma at sofiahouse.net
Mon Feb 8 19:48:30 UTC 2010
Thanks for the info Nick,
I had the reflection working with PF + Inetd + NC.
*in the inetd.conf I have the following:*
#INTERNAL NC CONFIGURATION
http stream tcp nowait root /usr/bin/nc nc -w 20 192.168.128.102 80
*in rc.conf I had to add the following to limit the proxy to listening on localhost only:*
inetd_flags="-wW -a 127.0.0.1"
*the PF configuration is as follows:*
TRANSLATION RULES:
rdr pass on em0 inet proto tcp from any to 192.168.128.170 port = http -> 127.0.0.1 port 80
FILTER RULES:
block drop log all
pass in on lo0 inet6 proto tcp from any to fe80::1 port = http flags S/SA keep state
pass in on lo0 inet6 proto tcp from any to ::1 port = http flags S/SA keep state
pass in on lo0 inet proto tcp from any to 127.0.0.1 port = http flags S/SA keep state
pass in on em0 inet proto tcp from any to 192.168.128.170 port = ssh flags S/SA keep state
pass out all flags S/SA keep state
Thanks for the heads up. Hope this works for someone.
KR,
Spas
On Fri, Feb 5, 2010 at 8:39 PM, Nick Rogers <ncrogers at gmail.com> wrote:
>
>
> On Fri, Feb 5, 2010 at 9:41 AM, Spas Karabelov <st0ma at sofiahouse.net> wrote:
>
>> Hello,
>>
>> I am trying to perform traffic redirection with PF on 7.2-RELEASE.
>> The traffic is in the same subnet and I try doing that by using just one
>> interface em0.
>
>
> PF cannot redirect packets back out the interface they originated on.
>
> From pf.conf(5)...
>
> "Redirections cannot reflect packets back through the interface they arrive
> on, they can only be redirected to hosts connected to different interfaces
> or to the firewall itself."
>
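The point of the thread is that an rdr target on the same interface the packet arrived on silently does nothing, while a target of the firewall itself (127.0.0.1, with inetd bound to loopback) works. The following checker is an added example, not code from this thread or from the PF project: it parses single-line rdr rules, uses a constructed interface-to-network map (em0 on 192.168.128.0/24, lo0 on 127.0.0.0/8, taken from the addresses in the post) to flag targets that would require reflection under the pf.conf(5) rule quoted above, and checks that rc.conf binds inetd to 127.0.0.1 as the working config does. The second rdr rule in the sample is a constructed failing variant of the kind Nick describes.

```python
import ipaddress
import re

# Constructed interface-to-network map (assumption): the network each firewall
# interface is attached to. Built from the addresses in the post, not from a real host.
IFACE_NETS = {
    "em0": ipaddress.ip_network("192.168.128.0/24"),
    "lo0": ipaddress.ip_network("127.0.0.0/8"),
}

# Matches one single-line rdr rule; captures the arriving interface and the
# redirect target address. Rules are assumed to be unwrapped (one per line).
RDR_RE = re.compile(
    r"^rdr(?:\s+pass)?\s+on\s+(?P<iface>\S+)\s.*?->\s*(?P<target>[0-9A-Fa-f.:]+)"
)

# Sample inputs (constructed): the working rule from the post plus a failing variant.
SAMPLE_PF_CONF = """\
# working rule from the post: redirect to the firewall itself
rdr pass on em0 inet proto tcp from any to 192.168.128.170 port = http -> 127.0.0.1 port 80
# constructed failing rule: target sits on the same subnet as the arriving interface
rdr pass on em0 inet proto tcp from any to 192.168.128.170 port = http -> 192.168.128.102 port 80
"""
SAMPLE_RC_CONF = 'inetd_enable="YES"\ninetd_flags="-wW -a 127.0.0.1"\n'


def classify_target(iface, target):
    """Classify one rdr target using the pf.conf(5) rule quoted in the thread:
    'ok' for the firewall itself or a host behind another interface,
    'reflection' for a host behind the interface the packet arrived on."""
    tgt = ipaddress.ip_address(target)
    if tgt.is_loopback:
        return "ok"  # redirected to the firewall itself
    net = IFACE_NETS.get(iface)
    if net is not None and tgt in net:
        return "reflection"  # would have to go back out the arriving interface
    return "ok"  # reached via a different interface


def check_rdr_rules(pf_conf):
    """Return one finding per rdr rule: line number, status and the rule text."""
    findings = []
    for lineno, raw in enumerate(pf_conf.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("rdr"):
            continue
        m = RDR_RE.match(line)
        if m is None:
            findings.append({"line": lineno, "status": "unparsed", "rule": line})
            continue
        status = classify_target(m["iface"], m["target"])
        findings.append({"line": lineno, "status": status, "rule": line})
    return findings


def inetd_bound_to_loopback(rc_conf):
    """True if rc.conf sets inetd_flags with '-a 127.0.0.1', as the post's config does."""
    m = re.search(r'^inetd_flags="([^"]*)"', rc_conf, re.M)
    if m is None:
        return False
    flags = m.group(1).split()
    return any(flags[i] == "-a" and flags[i + 1] == "127.0.0.1"
               for i in range(len(flags) - 1))


if __name__ == "__main__":
    for f in check_rdr_rules(SAMPLE_PF_CONF):
        print(f"line {f['line']}: {f['status']:10s} {f['rule']}")
    print("inetd bound to loopback only:", inetd_bound_to_loopback(SAMPLE_RC_CONF))
```

Run against the sample, the first rule reports ok and the second reports reflection; the inetd check passes. Feed it your own unwrapped pf.conf and rc.conf and extend IFACE_NETS with the networks your interfaces actually sit on.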