pf rdr not redirecting completely

Patrick Goggins pgoggins at cc.edu
Wed Mar 18 06:17:50 PDT 2009


I'm running into a problem with a transparent bridge and the rdr functionality: when a device hits the rule it is being redirected but is unable to fully connect to the server.


Pf is set to skip on the management, external, and bridged interfaces; filtering is just on the internal interface.

Eth0: 172.20.5.240 (management interface, also serving apache pages)
Eth1: external, non-addressed
Eth2: internal, non-addressed
Bridge0: bridge between Eth1 and Eth2
Eth0 and Eth1 are on the same vlan

[Lan where 172.20.5.240 resides]---[managed switch]---[external interface]----[bridge0]-----[internal interface]------[unmanaged switch]------[test system]

Here's the rule I'm trying to run:

rdr on $int_if proto tcp from 172.20.0.0/16 to any port {80, 443} -> 172.20.68.31 port 80

Additionally, the following rule applies:

pass quick on $int_if proto tcp from any to any


When testing the rdr rule on another IP, 172.20.5.239 (another physical server), the rule works correctly. I'm thinking it's having issues going out and then coming back in because it's seeing the request twice and dropping it???



~Patrick

