Date:      Wed, 18 Mar 2009 08:16:48 -0500
From:      "Patrick Goggins" <pgoggins@cc.edu>
To:        <freebsd-pf@freebsd.org>
Subject:   pf rdr not redirecting completely
Message-ID:  <CCAD87F8C7B2514A9528BDEC06C905B007B1D36C@xmail.cc.edu>
In-Reply-To: <49A8FED7.3000603@ngc.net.ua>
References:  <49A7D547.9040801@ngc.net.ua> <49A811D4.5030900@uffner.com> <49A8177B.9010209@ngc.net.ua> <49A85BD4.7050105@uffner.com> <49A8FED7.3000603@ngc.net.ua>


I'm running into a problem with a transparent bridge and the rdr functionality: when a device hits the rule it is redirected, but it is unable to fully connect to the server.


Pf is set to skip on the management, external, and bridged interfaces; filtering is just on the internal interface.

Eth0: 172.20.5.240 (management interface, also serving apache pages)
Eth1: external, non-addressed
Eth2: internal, non-addressed
Bridge0: bridge between Eth1 and Eth2
Eth0 and Eth1 are on the same vlan

[Lan where 172.20.5.240 resides]---[managed switch]---[external interface]----[bridge0]-----[internal interface]------[unmanaged switch]------[test system]

Here's the rule I'm trying to run:

rdr on $int_if proto tcp from 172.20.0.0/16 to any port {80, 443} -> 172.20.68.31 port 80

Additionally, the following rule applies:

pass quick on $int_if proto tcp from any to any


When testing the rdr rule with another IP, 172.20.5.239 (another physical server), the rule works correctly. I'm thinking it's having issues going out and then coming back in because it's seeing the request twice and dropping it?



~Patrick


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CCAD87F8C7B2514A9528BDEC06C905B007B1D36C>
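As an added example (not part of the original message and not the poster's actual configuration), here is a complete pf.conf that assembles the bridge setup described above into one loadable file. The interface names, the macro names, the explicit "keep state" and the comments are assumptions; the rdr rule and the pass rule are the ones from the message.

```pf
# Added example: a full pf.conf for the transparent-bridge layout described in
# the message. Interface names are assumed FreeBSD driver names; the poster's
# "Eth0"/"Eth1"/"Eth2" map onto whatever the real interfaces are called.
mgmt_if = "em0"          # 172.20.5.240, management interface, also serves apache
ext_if  = "em1"          # external bridge member, no address
int_if  = "em2"          # internal bridge member, no address; all filtering is here
br_if   = "bridge0"      # bridge between $ext_if and $int_if
web_srv = "172.20.68.31" # redirect target, sits on the LAN side of the bridge
lan_net = "172.20.0.0/16"

# pf never looks at packets on the management, external or bridge interfaces;
# only packets traversing the internal member are translated and filtered.
set skip on { lo0, $mgmt_if, $ext_if, $br_if }

# Redirect web traffic from the LAN to the web server's port 80 (the rule from
# the message). rdr is stateful: the state created on the client's SYN is also
# what reverse-translates the server's replies, so those replies must flow back
# through this same pf host to reach the client. Clients that were heading for
# port 443 will start a TLS handshake against a plain-HTTP port 80 and fail;
# only plain-HTTP clients get a working session out of this rule.
rdr on $int_if proto tcp from $lan_net to any port { 80, 443 } -> $web_srv port 80

# The pass rule from the message. Filter rules are evaluated after translation,
# so this sees the already-rewritten destination ($web_srv port 80). "keep
# state" is implicit in newer pf but harmless to spell out. With no block rule,
# pf's default is pass, so non-TCP traffic (UDP DNS, ICMP) still crosses the
# bridge unfiltered on $int_if.
pass quick on $int_if proto tcp from any to any keep state
```

Checks a practitioner would run on such a box: "pfctl -nf /etc/pf.conf" parses the file without loading it; "pfctl -sn" shows the loaded rdr rule so you can confirm the translation was installed on the interface you expect; "pfctl -ss" lists the states, where a redirected connection appears with both the original and the translated destination, and its TCP state (SYN_SENT vs ESTABLISHED) tells you whether the server's SYN-ACK ever made it back through pf; "pfctl -vvsr" shows per-rule packet and state counters. On FreeBSD, filtering on a bridge member such as $int_if also depends on the if_bridge sysctls: net.link.bridge.pfil_member must be 1 for pf to see packets on the member interfaces, and net.link.bridge.pfil_bridge controls whether packets are additionally run through pf on bridge0 (skipped in this configuration); check both with "sysctl net.link.bridge".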