Date: Wed, 27 Aug 2008 20:46:14 -0700
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: freebsd-pf@freebsd.org
Subject: Fwd: Re: Squid/ Danguardian + Transparent Bridge
Message-ID: <20080828034614.GA11207@icarus.home.lan>
----- Forwarded message from James Shupe <shupej@hermetek.com> -----

> From: James Shupe <shupej@hermetek.com>
> To: Jeremy Chadwick <koitsu@FreeBSD.org>
> Date: Wed, 27 Aug 2008 20:26:59 -0500
> Subject: Re: Squid/ Danguardian + Transparent Bridge
>
> I've tried this, and it works with NAT but not when the interfaces are
> in a bridge. I'll re-attempt this tomorrow though, just in case I'm wrong.
>
> Thank you,
> James Shupe
>
> Jeremy Chadwick wrote:
> > On Wed, Aug 27, 2008 at 07:29:09PM -0500, James Shupe wrote:
> >> I've been trying to get pf to transparently redirect all incoming
> >> traffic on port 80 to port 8080 on a bridge to pass through to
> >> Dansguardian. This machine is a replacement for a Linux box which did
> >> the same thing with IPtables flawlessly, but I can't seem to get it to work
> >> with PF. I've tried using dozens of rulesets, including route-to
> >> statements, and have had no success. I was wondering if anybody has a
> >> working ruleset that they could share as an example, as I've seen lots
> >> of questions in mailing list archives regarding this, but no positive fixes.
> >
> > You mean something like this?
> >
> > rdr pass proto tcp from any to <ipofyourbox> port 80 -> 127.0.0.1 port 8080
> >
> > Assuming ipofyourbox is 4.4.4.4, this will transparently redirect
> > incoming connections to 4.4.4.4 port 80 to 127.0.0.1 port 8080.
> > Response packets will also be remapped appropriately (meaning the remote
> > user will see the response packets coming from 4.4.4.4 port 80).
> >
> > This is under the assumption that Dansguardian is listening on 127.0.0.1
> > port 8080. It might just be listening on INADDR_ANY port 8080, in which
> > case you should probably configure it to bind to 127.0.0.1 -- or if
> > you cannot, set up an appropriate firewall rule in pf to block that
> > traffic (so people on the Internet cannot connect to 4.4.4.4 port 8080
> > and talk to Dansguardian directly).
> >
> > Hope this helps.
>
> Thank you,
> --
> James Shupe
> HermeTek Network Solutions
> http://www.hermetek.com
> 1.866.325.6207

----- End forwarded message -----

James forgot to CC the list when replying; I got his permission to forward
this. His problem seems to be when using rdr while a bridge is in use.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
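An added pf.conf fragment, not from the thread, that spells out Jeremy's suggestion in full: the rdr rule plus the filter rule that keeps Internet clients from talking to Dansguardian on port 8080 directly. It assumes the box's address is 4.4.4.4 as in the reply, that the outside interface is em0 (an assumed name), and that Dansguardian listens on 127.0.0.1 port 8080.

```pf
# Added example, not from the thread. Assumptions: the box is 4.4.4.4 (as in
# Jeremy's reply), the external interface is em0 (assumed name), and
# Dansguardian listens on 127.0.0.1 port 8080.
ext_if  = "em0"
box_ip  = "4.4.4.4"
dg_port = "8080"

# Translation rules must come before filter rules in pf.conf.
# Redirect inbound HTTP to the local Dansguardian listener. The "pass" on the
# rdr rule lets the redirected connection through without a separate filter
# rule, and pf remaps the replies so the client sees them from 4.4.4.4 port 80.
rdr pass on $ext_if proto tcp from any to $box_ip port 80 -> 127.0.0.1 port $dg_port

# If Dansguardian ends up bound to INADDR_ANY rather than 127.0.0.1, remote
# clients could connect to port 8080 directly and bypass the redirect.
# pf passes traffic by default when nothing matches, so block it explicitly.
# Redirected packets already have their destination rewritten to 127.0.0.1
# by the time filter rules run, so this rule does not affect them.
block in quick on $ext_if proto tcp from any to $box_ip port $dg_port

# Caveat for the bridge case (from if_bridge(4), not the thread): pf only sees
# packets crossing an if_bridge on the member interfaces when the
# net.link.bridge.pfil_member sysctl is enabled, so confirm that setting
# before concluding the rdr rule itself is at fault.
```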