rdr to another machine and back

Max Laier max at love2party.net
Wed Nov 3 09:46:16 PST 2004


Hi Lawrence,

On Wednesday 27 October 2004 15:57, Lawrence Farr wrote:
> I'm trying to work out how to get a gateway machine
> to send all http requests to a separate machine and
> get them back, network looks like this:

[ hmm ... ASCII art killed by mail reader ]

Setup understood.

> So the router has 3 interfaces, one to the outside
> world, one externally available network and one
> internal. The proxy has 2 interfaces one to internal
> and one externally available. I can redirect port 80
> to a proxy on the router without any issue, but want
> to send them to the separate proxy machine. Has anyone
> done this, or does anyone know of a howto?

Well, it would be helpful to see tcpdumps from the proxy on the NIC connected 
with the gateway. Also if you ask questions like this, please try to include 
significant details about your ruleset. It's always helpful to check if the 
rules that you tried are matched at all (pfctl -vsr or -vsn in your case).

Other than that, I don't know of a howto for this specific problem; the 
pf.conf(5) manpage has some examples that redirect incoming SSH traffic to a 
different host, though. It should be possible to take it from there. Make 
sure that the proxy knows how to get back (i.e. has a route to the client - 
remember "rdr" will not translate the source address!)

> Many thanks

[ Sorry for the delay, EuroBSDCon has been demanding - and a lot of FUN! ]

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
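
A gateway-side pf.conf sketch for the setup discussed in this thread, added here as an example and not taken from either poster's ruleset. Interface names, addresses and the proxy port are assumptions; the rule form follows the `rdr` syntax of the pf.conf(5) manpage the message points to.

```conf
# Added example for the gateway; every name, address and port is assumed.
int_if     = "fxp2"            # internal (client) network
dmz_if     = "fxp1"            # "externally available" network
int_net    = "10.0.0.0/24"     # constructed client range
proxy      = "192.0.2.10"      # proxy's address on the DMZ side (constructed)
proxy_port = "3128"            # assumed proxy listen port

# Translation: rewrite only the destination of client HTTP connections.
# The source stays the client's own address, so the proxy sees 10.0.0.x.
rdr on $int_if inet proto tcp from $int_net to any port 80 \
        -> $proxy port $proxy_port

# Filtering: rdr is applied before the filter rules, so match the
# translated destination, not "any port 80".
pass in  on $int_if inet proto tcp from $int_net to $proxy \
        port $proxy_port flags S/SA keep state
pass out on $dmz_if inet proto tcp from $int_net to $proxy \
        port $proxy_port flags S/SA keep state

# On the proxy: replies to $int_net must be routed back through this
# gateway. Only the gateway holds the state that restores the original
# web server address as the reply's source; a reply sent straight out
# of the proxy's internal NIC arrives from $proxy and the client cannot
# match it to the connection it opened.

# Checks, as suggested in the message:
#   pfctl -nf /etc/pf.conf      parse the ruleset without loading it
#   pfctl -vsn                  counters for the rdr rule
#   pfctl -vsr                  counters for the pass rules
#   tcpdump -ni <proxy NIC> tcp port 3128     (run on the proxy)
```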
More information about the freebsd-pf mailing list