From: Tim Traver
Date: Fri, 10 Jul 2009 23:06:29 -0700
To: "Ronnel P. Maglasang"
Cc: freebsd-pf@freebsd.org
Subject: Re: Extremely simple redirect rule doesnt appear to be working

>>
>> am I missing something ?
>>
> Yes, I believe so.
>
> rdr works only for incoming traffic. To redirect outgoing traffic
> locally you
> need to re-route the traffic using the route-to option.
>
> Try these rules.
>
> --
> rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 ->
> port 80
> pass out log quick on lo0 no state
> pass in log quick on lo0 no state
>
> pass out quick on route-to (lo0 )
> inet proto tcp from any to 209.131.36.158 port 80 keep state
> --
>

Hmmm...I tried that configuration, but it still doesn't seem to produce
anything:

Here is the exact config that I am using based on your statements:

rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 -> 209.132.4.203 port 80
pass out log quick on lo0 no state
pass in log quick on lo0 no state

pass out quick on fxp0 route-to 127.0.0.1 inet proto tcp from any to 209.131.36.158 port 80 keep state

When I reload pf, it looks like the rules and nat stuff is indeed in
place, but I get nothing when I attempt from the command line to telnet
to 209.131.36.158 on port 80.

I was expecting it to get answered on the local 127.0.0.1 port 80, which
is indeed responding...

Any other ideas on how to accomplish this?

Once again, I'm trying to make it so that any calls out from this box to
certain IPs get redirected to a local IP on the box, so it never
actually leaves the server...

Thanks,

Tim.