Date: Sat, 04 Jul 2009 00:48:32 -0700
From: Tim Traver <tt-list@simplenet.com>
To: Balázs Mátéffy <repcsike@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Extremely simple redirect rule doesnt appear to be working
Message-ID: <4A4F0950.7020005@simplenet.com>
In-Reply-To: <c4b701070907030313s62a4bc33nbea633edee178572@mail.gmail.com>
References: <4A4D2010.4020908@simplenet.com> <c4b701070907030313s62a4bc33nbea633edee178572@mail.gmail.com>

Thank you for your response.

My rules are ok, because I have no other rules than that one, and I ran the syntax checker on it...

I am indeed running 7.0, so I guess I could update the sources on that machine to 7.1 and rebuild pf.

Thanks,

Tim.

Balázs Mátéffy wrote:
> Hi there,
>
> I think you should check pfctl -sr and pfctl -sn that your rules are ok, and
> you don't deny that traffic explicitly.
>
> However, I don't want to start a war, but on a machine I experienced that
> with FreeBSD 7.0 or 7.1 the pf redirections didn't work, after a minor
> release update, the problem went away with the same ruleset! (I think it was
> 7.0 and updated to 7.1 to get it working again)
>
> But rdr pass should add the permitting access rule for your redirection
> entry.
>
> Maybe logging can help you too: http://www.openbsd.org/faq/pf/logging.html
>
> Hope this helps!
>
> Best Regards,
>
> MB.
>
>
> 2009/7/2 Tim Traver <tt-list@simplenet.com>
>
>> Hi all,
>>
>> ok, I'm a little new to messing around with pf, but have come up for a need
>> that it sounds like it should be able to solve.
>>
>> I want to be able to redirect outgoing http requests from the box back to
>> local addresses on the box...
>>
>> In reading up, it appears that the redirect config line should do that, and
>> in testing, I have a simple line like this in the pf.conf
>>
>> rdr pass inet proto tcp from any to 209.131.36.158 port 80 -> [internal address here] port 80
>>
>> now, I haven't made that internal address be an address on the local box
>> yet, cause I'm testing to see how this works...
>>
>> I can manually telnet to [internal address here] port 80 with no problems
>> and get the apache greeting.
>>
>> Once I turn on and load the pf.conf file (with pfctl -F all -f
>> /etc/pf.conf), and I try to telnet to 209.131.36.158 port 80 (generic
>> www.yahoo.com), I don't get redirected to the internal address port 80 and
>> get the apache greeting that is expected...
>>
>> I did turn on port forwarding as per the instructions for NAT, although it
>> didn't say if it was needed for rdr.
>>
>> net.inet.ip.forwarding=1
>>
>> in netstat, I see it trying to actually reach the outside IP, which it can't,
>> so the translation didn't appear to take effect...
>>
>> am I missing something ?
>>
>> Thanks,
>>
>> Tim.
>>
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"