Date: Fri, 10 Jul 2009 23:06:29 -0700
From: Tim Traver <tt-list@simplenet.com>
To: "Ronnel P. Maglasang" <rmaglasang@infoweapons.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Extremely simple redirect rule doesnt appear to be working
Message-ID: <4A582BE5.8020300@simplenet.com>
In-Reply-To: <4A5190C1.2060205@infoweapons.com>
References: <4A4D2010.4020908@simplenet.com> <c4b701070907030313s62a4bc33nbea633edee178572@mail.gmail.com> <4A4F0950.7020005@simplenet.com> <d64aa1760907040642w1d7fa1ecp8be75728235da8a1@mail.gmail.com> <4A518B6B.1010407@simplenet.com> <d64aa1760907052237l6c692961ic777fe09a44ce426@mail.gmail.com> <4A518F07.1070209@simplenet.com> <4A5190C1.2060205@infoweapons.com>
>> >> am I missing something ?
>>
> Yes, I believe so.
>
> rdr works only for incoming traffic. To redirect outgoing traffic locally you
> need to re-route the traffic using the route-to option.
>
> Try these rules.
>
> --
> rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 -> <internal address here> port 80
> pass out log quick on lo0 no state
> pass in log quick on lo0 no state
>
> pass out quick on <outgoing if> route-to (lo0 <internal address here>) inet proto tcp from any to 209.131.36.158 port 80 keep state
> --
>

Hmmm... I tried that configuration, but it still doesn't seem to produce anything. Here is the exact config that I am using, based on your statements:

rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 -> 209.132.4.203 port 80
pass out log quick on lo0 no state
pass in log quick on lo0 no state
pass out quick on fxp0 route-to 127.0.0.1 inet proto tcp from any to 209.131.36.158 port 80 keep state

When I reload pf, it looks like the rules and NAT stuff are indeed in place, but I get nothing when I attempt from the command line to telnet to 209.131.36.158 on port 80. I was expecting it to get answered on the local 127.0.0.1 port 80, which is indeed responding...

Any other ideas on how to accomplish this? Once again, I'm trying to make it so that any calls out from this box to certain IPs get redirected to a local IP on the box, so it never actually leaves the server...

Thanks,

Tim.
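The rdr-on-lo0 plus route-to pattern suggested in the quoted reply, written out as a complete pf.conf fragment. This is an added example, not configuration from either poster; it assumes the local service listens on 127.0.0.1 port 80, that the outgoing interface is fxp0, and that 209.131.36.158 is the destination being intercepted (the interface and destination are taken from the thread, the listener address is an assumption). Note that in this form route-to takes an interface and next-hop address together in parentheses, as in the quoted rule.

```pf
# Added example (not from the thread): redirect this host's own outbound
# connections to a local listener using the rdr + route-to pattern.
# Assumptions: service on 127.0.0.1:80, outgoing interface fxp0,
# intercepted destination 209.131.36.158.
ext_if    = "fxp0"
target    = "209.131.36.158"
local_svc = "127.0.0.1"

# Translation section (must precede filter rules). rdr only matches packets
# arriving on an interface, so the redirect lives on lo0, where the route-to
# rule below delivers the packet.
rdr pass on lo0 inet proto tcp from any to $target port 80 -> $local_svc port 80

# Let the looped-back packets through lo0, logged so pflog shows them.
pass out log quick on lo0 no state
pass in  log quick on lo0 no state

# Locally generated packet for $target: instead of sending it out $ext_if,
# route it to lo0 with $local_svc as next hop so the rdr on lo0 sees it.
# route-to is written as "( interface address )".
pass out log quick on $ext_if route-to (lo0 $local_svc) inet proto tcp from any to $target port 80 keep state
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without installing it, which catches a malformed route-to target; after loading, `pfctl -sn` and `pfctl -sr` confirm that both the rdr and the route-to rule are actually present. Because the rules carry `log`, `tcpdump -n -e -ttt -i pflog0` while attempting the telnet shows which rule (if any) the packet hits, and so whether it ever reaches lo0 or is still leaving via the external interface.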
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A582BE5.8020300>