Convert ipfw rule to pf

Matthias Fechner idefix at fechner.net
Sun Apr 17 09:22:25 UTC 2016


Dear all,

I use sslh to have a transparent proxy for ssh/https in place.
The transparent proxy support of sslh requires ipfw rules to work.

I'm not sure if sslh is doing something in the background and that is 
the reason why it is not working with pf.

Maybe we have here a pf guru on the list that can ensure the rule 
itself is correct.

The ipfw rule looks like:
# https
ipfw add 20000 fwd 192.168.0.251,443 log tcp from 192.168.0.251 8443 to any out
ipfw add 20001 fwd 192.168.200.6,443 log tcp from 192.168.200.6 8443 to any out
# ssh
ipfw add 20003 fwd 192.168.200.6,443 log tcp from 192.168.200.6 22 to any out

In pf they look like:
rdr pass log inet proto tcp from 192.168.0.251 port 8443 to any -> 192.168.0.251 port 443
rdr pass log inet proto tcp from 192.168.200.6 port 8443 to any -> 192.168.200.6 port 443
rdr pass log inet proto tcp from 192.168.200.6 port 22 to any -> 192.168.200.6 port 443

Thanks.

Regards
Matthias

-- 

"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook


More information about the freebsd-questions mailing list