Using 'rdr' on outbound connections
Greg Hennessy
Greg.Hennessy at nviz.net
Thu Sep 15 05:16:22 PDT 2005
>
> I tried 'rdr' by itself originally, yes. There is no extra
> policy at all in this ruleset; that's my entire /etc/pf.conf.
> Since filter policy defaults to 'pass', then it shouldn't
> make any different, should it?
It could do,
Make the 1st line of the policy
block log all
And see what it catches.
>
> I appreciate you making suggestions, but perhaps if you have
> a spare machine available, you could try replicating the
> problem?
Nothing spare I'm afraid.
> It's different from your squid setup, where traffic
> originates from another client and passes through your
> FreeBSD router. As I said before, I've demonstrated to myself
> that rdr works when the traffic is inbound from another machine.
Code up a very specific pass log quick rule with a default policy of block.
If the pass rule doesn't catch it, the block log all should tell you what
the specifics are.
Greg
More information about the freebsd-pf
mailing list