From: Max Laier
To: freebsd-pf@freebsd.org
Date: Wed, 3 Nov 2004 18:45:59 +0100
Subject: Re: rdr to another machine and back
In-Reply-To: <20041027135721.C553C68004@gunfright.epcdirect.co.uk>
Message-Id: <200411031846.06586.max@love2party.net>

Hi Lawrence,

On Wednesday 27 October 2004 15:57, Lawrence Farr wrote:
> I'm trying to work out how to get a gateway machine
> to send all http requests to a separate machine and
> get them back, network looks like this:

[ hmm ... ASCII art killed by mail reader ]

Setup understood.

> So the router has 3 interfaces, one to the outside
> world, one externally available network and one
> internal. The proxy has 2 interfaces one to internal
> and one externally available. I can redirect port 80
> to a proxy on the router without any issue, but want
> to send them to the separate proxy machine. Has anyone
> done this, or does anyone know of a howto?

Well, it would be helpful to see tcpdumps from the proxy on the NIC connected
with the gateway. Also if you ask questions like this, please try to include
significant details about your ruleset. It's always helpful to check if the
rules that you tried are matched at all (pfctl -vsr or -vsn in your case).

Other than that, I don't know of a howto for this specific problem, the
pf.conf(5) manpage has some examples that redirect incoming SSH traffic to a
different host, though. It should be possible to take it from there. Make
sure that the proxy knows how to get back (i.e. has a route to the client -
remember "rdr" will not translate the source address!)

> Many thanks

[ Sorry for the delay, EuroBSDCon has been demanding - and a lot of FUN! ]

--
/"\ Best regards,                     | mlaier@freebsd.org
\ / Max Laier                         | ICQ #67774661
 X  http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign             | Against HTML Mail and News
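The redirect-and-return-path setup Max describes, written out as an added pf.conf example for the gateway (this is not code from the original thread; interface names, addresses and the proxy port are assumptions for illustration):

```pf
# Added example, not from the thread. Interface names, addresses and the
# proxy port below are assumptions; adjust them to the real setup.
#
# Gateway with three interfaces, as in Lawrence's description:
#   $ext_if - outside world
#   $dmz_if - the "externally available" network where the proxy sits
#   $int_if - internal network with the web clients
ext_if     = "fxp0"
dmz_if     = "fxp1"
int_if     = "fxp2"
int_net    = "192.168.1.0/24"
proxy      = "192.168.2.10"   # proxy's address on the $dmz_if network
proxy_port = "3128"           # port the proxy listens on (assumed)

# Clients send HTTP towards the outside; the gateway rewrites only the
# destination to the proxy. rdr leaves the source address alone, so the
# proxy sees the client's real address and must route replies back through
# this gateway, otherwise the state that did the rdr never sees the answer
# and cannot undo the translation for the client.
rdr on $int_if proto tcp from $int_net to any port 80 -> $proxy port $proxy_port

# Optional: also rewrite the source on the way out towards the proxy, so the
# proxy answers the gateway's own $dmz_if address and the reply is forced
# back through the translating state. Use this when the proxy would
# otherwise reach $int_net directly over its own internal interface.
# nat on $dmz_if proto tcp from $int_net to $proxy port $proxy_port -> ($dmz_if)

# Filter rules are evaluated after translation, so they must match the
# rewritten destination. keep state carries the reply back the same way.
pass in  on $int_if proto tcp from $int_net to $proxy port $proxy_port keep state
pass out on $dmz_if proto tcp to $proxy port $proxy_port keep state

# Checks, as suggested above: pfctl -vsn shows whether the rdr/nat rules
# are ever matched (evaluation and packet counters), pfctl -vsr does the
# same for the pass rules, and pfctl -ss lists the states holding the
# translated connections; tcpdump on the proxy's $dmz_if-facing NIC shows
# whether the redirected SYN arrives and which address the reply goes to.
```

If the optional nat rule is enabled, the proxy logs will show the gateway's address instead of the client's, which is the trade-off for a guaranteed return path.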