From owner-freebsd-questions@FreeBSD.ORG Wed Nov 30 17:11:31 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0B260106566C for ; Wed, 30 Nov 2011 17:11:31 +0000 (UTC) (envelope-from mark@msen.com) Received: from shell.msen.com (msen.com [148.59.86.2]) by mx1.freebsd.org (Postfix) with ESMTP id CCEEC8FC19 for ; Wed, 30 Nov 2011 17:11:30 +0000 (UTC) X-Sent-To: Received: from [192.168.1.112] (c-68-40-255-141.hsd1.mi.comcast.net [68.40.255.141]) (authenticated bits=0) by shell.msen.com (8.14.3/8.14.3) with ESMTP id pAUGnErg049627 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Wed, 30 Nov 2011 11:49:15 -0500 (EST) (envelope-from mark@msen.com) Message-ID: <4ED65E89.3080208@msen.com> Date: Wed, 30 Nov 2011 11:49:13 -0500 From: Mark Moellering User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0 MIME-Version: 1.0 To: FreeBSD Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: Pass (sender authenticated); receiver=msen.com; client-ip=68.40.255.141; envelope-from= Received-SPF: Pass (sender authenticated); receiver=msen.com; client-ip=68.40.255.141; helo=[192.168.1.112] Subject: pf rdr (redirect) syntax solved X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Nov 2011 17:11:31 -0000 My apologies for posting an answer without a question but this is something I want searchable in the future. To use redirection ( rdr ) in pf, you MUST specify an ip address or interface. For example, if you want to force external traffic coming in on port 80 to port 443 and write this; rdr on $interface inet proto tcp from ! $internal_addresses to $interface port 80 -> port 443 it FAILS! The PROPER syntax is; rdr on $interface inet proto tcp from ! $internal_addresses to $interface port 80 -> $interface port 443 I hope this helps someone... Mark Moellering