PF Traffic Redirection issues

Spas Karabelov st0ma at sofiahouse.net
Mon Feb 8 19:48:30 UTC 2010


Thanks for the info Nick,

I had the reflection working with PF + Inetd + NC.

*In the inetd.conf I have the following:*


#INTERNAL NC CONFIGURATION

http stream tcp nowait root /usr/bin/nc nc -w 20 192.168.128.102 80

*In rc.conf I had to add the following to limit the proxy to listening on
localhost only:*

inetd_flags="-wW -a 127.0.0.1"


*the PF configuration is as follows:*

TRANSLATION RULES:
rdr pass on em0 inet proto tcp from any to 192.168.128.170 port = http -> 127.0.0.1 port 80

FILTER RULES:
block drop log all
pass in on lo0 inet6 proto tcp from any to fe80::1 port = http flags S/SA keep state
pass in on lo0 inet6 proto tcp from any to ::1 port = http flags S/SA keep state
pass in on lo0 inet proto tcp from any to 127.0.0.1 port = http flags S/SA keep state
pass in on em0 inet proto tcp from any to 192.168.128.170 port = ssh flags S/SA keep state
pass out all flags S/SA keep state


Thanks for the heads up. Hope this works for someone.

KR,

Spas

On Fri, Feb 5, 2010 at 8:39 PM, Nick Rogers <ncrogers at gmail.com> wrote:

>
>
> On Fri, Feb 5, 2010 at 9:41 AM, Spas Karabelov <st0ma at sofiahouse.net> wrote:
>
>> Hello,
>>
>> I am trying to perform traffic redirection with PF on 7.2-RELEASE.
>> The traffic is in the same subnet and I try doing that by using just one
>> interface em0.
>
>
> PF cannot redirect packets back out the interface they originated on.
>
> From pf.conf(5)...
>
> "Redirections cannot reflect packets back through the interface they arrive
> on, they can only be redirected to hosts connected to different interfaces
> or
> to the firewall itself."
>
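As an added illustration (not from this thread or from FreeBSD), a small Python relay that plays the part of the inetd + nc pair above: a client connects to a loopback listener, which opens its own TCP connection to the backend and splices the two. The point worth seeing is what the backend observes: the relay's own address and port, not the original client's, so the internal server's logs lose the real source, which a true rdr through a second interface would preserve. All addresses and ports are constructed for an offline run.

```python
import socket
import threading

# Addresses here are constructed for an offline run; the thread's real values were
# em0 192.168.128.170, the web server 192.168.128.102 and inetd bound to 127.0.0.1.
LOOPBACK = "127.0.0.1"
socket.setdefaulttimeout(5)  # keep the demo from hanging if a side misbehaves

def pump(src, dst):
    """Copy one direction until EOF, then half-close dst, as nc does per direction."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def relay(client, backend_addr, seen):
    """What inetd hands to 'nc -w 20 host 80': a new connection to the backend, spliced to the client."""
    with client, socket.create_connection(backend_addr, timeout=20) as backend:
        seen["relay_outbound_port"] = backend.getsockname()[1]
        t = threading.Thread(target=pump, args=(backend, client), daemon=True)
        t.start()
        pump(client, backend)
        t.join()

def backend_server(listener, seen):
    """Stand-in for the internal web server: answers with the peer address it observed."""
    conn, peer = listener.accept()
    with conn:
        conn.recv(4096)  # the request; its content is irrelevant here
        seen["backend_saw_port"] = peer[1]
        conn.sendall(b"HTTP/1.0 200 OK\r\n\r\npeer %s:%d\n" % (peer[0].encode(), peer[1]))

def run_demo():
    """Client -> loopback relay -> backend; returns what each side observed."""
    seen = {}
    back = socket.socket(); back.bind((LOOPBACK, 0)); back.listen(1)
    front = socket.socket(); front.bind((LOOPBACK, 0)); front.listen(1)  # inetd's listener
    threading.Thread(target=backend_server, args=(back, seen), daemon=True).start()
    threading.Thread(target=lambda: relay(front.accept()[0], back.getsockname(), seen),
                     daemon=True).start()
    with socket.create_connection(front.getsockname()) as c:
        seen["client_port"] = c.getsockname()[1]
        c.sendall(b"GET / HTTP/1.0\r\n\r\n")
        c.shutdown(socket.SHUT_WR)
        seen["reply"] = b"".join(iter(lambda: c.recv(4096), b""))
    back.close(); front.close()
    return seen
```

Running `run_demo()` shows `backend_saw_port` equal to `relay_outbound_port` and different from `client_port`: the backend only ever sees the relay.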


More information about the freebsd-stable mailing list