Extremely simple redirect rule doesn't appear to be working

Ronnel Maglasang rmaglasang at infoweapons.com
Mon Jul 13 04:15:39 UTC 2009


Tim Traver wrote:
>>> am I missing something ?
>>>
>>>
>> Yes, I believe so.
>>
>> rdr works only for incoming traffic. To redirect outgoing traffic
>> locally you
>> need to re-route the traffic using the route-to option.
>>
>> Try these rules.
>>
>> -- 
>> rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 ->
>> <internal address here> port 80
>> pass out log quick on lo0 no state
>> pass in log quick on lo0 no state
>>
>> pass out quick on <outgoing if> route-to (lo0 <internal address here>)
>> inet proto tcp from any to 209.131.36.158 port 80 keep state
>> -- 
>>
>>
> Hmmm...I tried that configuration, but it still doesn't seem to produce
> anything :
>
> here is the exact config that I am using based on your statements :
>
> rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 ->
> 209.132.4.203 port 80
> pass out log quick on lo0 no state
> pass in log quick on lo0 no state
>
> pass out quick on fxp0 route-to 127.0.0.1 inet proto tcp from any to
> 209.131.36.158 port 80 keep state
>
> when I reload pf, it looks like the rules and nat stuff is indeed in
> place, but I get nothing when I attempt from the command line to telnet
> to 209.131.36.158 on port 80
>
> I was expecting it to get answered on the local 127.0.0.1 port 80 which
> is indeed responding...
>
> any other ideas on how to accomplish this?
>
> Once again, I'm trying to make it so that any calls out from this box to
> certain IP's get redirected to a local IP on the box, so it never
> actually leaves the server...
>
>
I have a similar setup and it appears to be working...

Please attach the output of the following commands:
ifconfig -a
sockstat
pfctl -sa

> Thanks,
>
> Tim.
>
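An annotated version of the "route-to lo0" construction suggested earlier in this thread, added here as an illustration and not taken from any message in it; the macro names and the fxp0 interface are assumptions, and the section order (translation rules before filter rules) is what pf.conf of that era requires:

```pf
# Added example (not from the thread): redirect locally generated
# connections to $remote:80 back into a listener on this box.
ext_if   = "fxp0"            # outgoing interface (assumed, as in Tim's config)
remote   = "209.131.36.158"  # address the box tries to reach (from the thread)
local_ip = "127.0.0.1"       # where the connection should actually land

# Translation rules must precede filter rules in pf.conf.
# Step 2 of the packet path: once the packet re-enters *inbound* on lo0,
# rdr can rewrite the destination to the local listener. rdr never matches
# on $ext_if because it only applies to inbound traffic.
rdr pass on lo0 inet proto tcp from any to $remote port 80 -> $local_ip port 80

# Step 1: locally generated packets to $remote would normally leave via
# $ext_if; route-to pushes them through lo0 instead of onto the wire.
pass out quick on $ext_if route-to (lo0 $local_ip) \
    inet proto tcp from any to $remote port 80 keep state

# Step 3: let the loopback traffic through. "no state" avoids creating a
# second state entry that would compete with the one from step 1; "log"
# makes both directions visible on pflog0 while debugging.
pass out log quick on lo0 no state
pass in  log quick on lo0 no state
```

`pfctl -nvf /etc/pf.conf` checks the syntax without loading it; after loading, `pfctl -sn` shows the translation rules actually in effect and `pfctl -ss` shows whether a state is created when the telnet test is run.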



More information about the freebsd-pf mailing list