pf rdr not redirecting completely

Patrick Goggins pgoggins at
Wed Mar 18 06:17:50 PDT 2009

I'm running into a problem with a transparent bridge and the rdr functionality where when a device hits the rule they are being redirect but are unable to fully connect to the server.

Pf is set to skip on the management, external, and bridged interfaces; filtering is just on the internal interface.

Eth0: (management interface, also serving apache pages)
Eth1: external, non-addressed
Eth2: internal, non-addressed
Bridge0: bridge between Eth1 and Eth2
Eth0 and Eth1 are on the same vlan

[Lan where resides]---[managed switch]---[external interface]----[bridge0]-----[internal interface]------[unmanaged switch]------[test system]

Here's the rule I'm trying to run:

rdr on $int_if proto tcp from to any port {80, 443} -> port 80

additionally the following rules apply:

pass quick on $int_if proto tcp from any to any

When testing the rdr rule on another ip (another physical server), the rule works correctly. I'm thinking it's having issues going out and then coming back in because it's seeing the request twice and dropping it??? 


More information about the freebsd-pf mailing list