Using 'rdr' on outbound connections

Greg Hennessy Greg.Hennessy at
Thu Sep 15 05:16:22 PDT 2005

> I tried 'rdr' by itself originally, yes. There is no extra 
> policy at all in this ruleset; that's my entire /etc/pf.conf. 
> Since filter policy defaults to 'pass', then it shouldn't 
> make any different, should it?

It could do, 

Make the 1st line of the policy

block log all 

And see what it catches. 

> I appreciate you making suggestions, but perhaps if you have 
> a spare machine available, you could try replicating the 
> problem?

Nothing spare I'm afraid. 

> It's different from your squid setup, where traffic 
> originates from another client and passes through your 
> FreeBSD router. As I said before, I've demonstrated to myself 
> that rdr works when the traffic is inbound from another machine.

Code up a very specific pass log quick rule with a default policy of block. 

If the pass rule doesn't catch it, the block log all should tell you what
the specifics are. 


More information about the freebsd-pf mailing list