From: Tim Traver
Date: Sun, 05 Jul 2009 22:43:35 -0700
To: Chris Buechler
Cc: freebsd-pf@freebsd.org
Subject: Re: Extremely simple redirect rule doesnt appear to be working

Chris Buechler wrote:
> On Mon, Jul 6, 2009 at 1:28 AM, Tim Traver wrote:
>
>> Thanks for responding. I am indeed testing this from within the same
>> machine, as I need the redirection to take place when attempting to make
>> requests FROM the machine to an outside source.
>>
>> Is there not a way to do that with pf ???
>>
>
> There are multiple options, see:
> http://www.openbsd.org/faq/pf/rdr.html
>

Chris,

yes, that is where I originally got all of the information, and made my original post with my redirection line in the pf.conf that does not appear to be doing anything.

I couldn't figure out why, hence the post here.

Here is a copy of the original post if you think you might have any insight...

Hi all,

ok, I'm a little new to messing around with pf, but have come up with a need that it sounds like it should be able to solve.

I want to be able to redirect outgoing http requests from the box back to local addresses on the box...

In reading up, it appears that the redirect config line should do that, and in testing, I have a simple line like this in the pf.conf

    rdr pass inet proto tcp from any to 209.131.36.158 port 80 -> [internal address here] port 80

now, I haven't made that internal address be an address on the local box yet, 'cause I'm testing to see how this works...

I can manually telnet to [internal address here] port 80 with no problems and get the apache greeting.

Once I turn on and load the pf.conf file (with pfctl -F all -f /etc/pf.conf), and I try to telnet to 209.131.36.158 port 80 (generic www.yahoo.com), I don't get redirected to the internal address port 80 and get the apache greeting that is expected...

I did turn on port forwarding as per the instructions for NAT, although it didn't say if it was needed for rdr.

    net.inet.ip.forwarding=1

in netstat, I see it trying to actually reach the outside IP, which it can't, so the translation didn't appear to take effect...

am I missing something?

Thanks,

Tim.