From owner-freebsd-pf@FreeBSD.ORG Fri Jul 3 10:46:53 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7FFBF1065672 for ; Fri, 3 Jul 2009 10:46:53 +0000 (UTC) (envelope-from dimitry@andric.com) Received: from tensor.andric.com (cl-327.ede-01.nl.sixxs.net [IPv6:2001:7b8:2ff:146::2]) by mx1.freebsd.org (Postfix) with ESMTP id 44DA38FC15 for ; Fri, 3 Jul 2009 10:46:53 +0000 (UTC) (envelope-from dimitry@andric.com) Received: from [IPv6:2001:7b8:3a7:0:2d66:27a4:c4f9:d401] (unknown [IPv6:2001:7b8:3a7:0:2d66:27a4:c4f9:d401]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id B595C5C59; Fri, 3 Jul 2009 12:46:51 +0200 (CEST) Message-ID: <4A4DE199.4010701@andric.com> Date: Fri, 03 Jul 2009 12:46:49 +0200 From: Dimitry Andric User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.1pre) Gecko/20090701 Shredder/3.0b3pre MIME-Version: 1.0 To: tt-list@simplenet.com References: <4A4D2010.4020908@simplenet.com> In-Reply-To: <4A4D2010.4020908@simplenet.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-pf@freebsd.org Subject: Re: Extremely simple redirect rule doesnt appear to be working X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jul 2009 10:46:53 -0000 On 2009-07-02 23:01, Tim Traver wrote: > In reading up, it appears that the redirect config line should do that, > and in testing, I have a simple line like this in the pf.conf > > rdr pass inet proto tcp from any to 209.131.36.158 port 80 -> [internal > address here] port 80 > > now, I haven't made that internal address be an address on the local box > yet, cause I'm testing to see how this works... > > I can manually telnet to [internal address here] port 80 with no > problems and get the apache greeting. > > Once I turn on and load the pf.conf file (with pfctl -F all -f > /etc/pf.conf), and I try to telnet to 209.131.36.158 port 80 (generic > www.yahoo.com), I don't get redirected to the internal address port 80 > and get the apache greeting that is expected... Please post your pf.conf, or it will rather difficult to see what is wrong.