Date: Wed, 27 Aug 2008 18:03:32 -0700
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: James Shupe <shupej@hermetek.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Squid/ Danguardian + Transparent Bridge
Message-ID: <20080828010332.GA8172@icarus.home.lan>
In-Reply-To: <48B5F155.3000107@hermetek.com>
References: <48B5F155.3000107@hermetek.com>

On Wed, Aug 27, 2008 at 07:29:09PM -0500, James Shupe wrote:
> I've been trying to get pf to transparently redirect all incoming
> traffic on port 80 to port 8080 on a bridge to pass through to
> Dansguardian. This machine is a replacement for a Linux box which did
> the same thing with IPtables flawlessly, but I can't seem to get it to work
> with PF. I've tried using dozens of rulesets, including route-to
> statements, and have had no success. I was wondering if anybody has a
> working ruleset that they could share as an example, as I've seen lots
> of questions in mailing list archives regarding this, but no positive fixes.

You mean something like this?

  rdr pass proto tcp from any to <ipofyourbox> port 80 -> 127.0.0.1 port 8080

Assuming ipofyourbox is 4.4.4.4, this will transparently redirect
incoming connections to 4.4.4.4 port 80 to 127.0.0.1 port 8080.
Response packets will also be remapped appropriately (meaning the remote
user will see the response packets coming from 4.4.4.4 port 80).

This is under the assumption that Dansguardian is listening on 127.0.0.1
port 8080. It might just be listening on INADDR_ANY port 8080, in which
case you should probably configure it to bind to 127.0.0.1 -- or if you
cannot, set up an appropriate firewall rule in pf to block that traffic
(so people on the Internet cannot connect to 4.4.4.4 port 8080 and talk
to Dansguardian directly).

Hope this helps.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
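
The redirect from the reply combined with the block rule it recommends, as an added pf.conf sketch that is not part of the original message. The interface name em0 and the macro names are assumptions; 4.4.4.4 is the example address used in the reply.

```pf
# Added example, not from the original message.
# Assumptions: em0 is the interface that receives the web traffic and the
# macro names are illustrative. 4.4.4.4 is the example address from the reply.
ext_if     = "em0"
ext_ip     = "4.4.4.4"
proxy_port = "8080"

# --- translation rules (evaluated before the filter rules) ---
# Rewrite the destination of port-80 connections to the local proxy.
# "pass" lets the redirected packets through without consulting the
# filter rules below.
rdr pass on $ext_if proto tcp from any to $ext_ip port 80 \
    -> 127.0.0.1 port $proxy_port

# --- filter rules ---
# A connection made directly to 4.4.4.4:8080 is not matched by the rdr
# rule, so it still carries its original destination when it reaches the
# filter rules. Drop it there, so the proxy is reachable only through the
# redirect even if it listens on INADDR_ANY.
block in quick on $ext_if proto tcp from any to $ext_ip port $proxy_port
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` and `pfctl -s rules` list the loaded translation and filter rules. `sockstat -4 -l` shows whether the proxy is bound to 127.0.0.1 or to the wildcard address.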