----- Forwarded message from James Shupe <[EMAIL PROTECTED]> -----

> From: James Shupe <[EMAIL PROTECTED]>
> To: Jeremy Chadwick <[EMAIL PROTECTED]>
> Date: Wed, 27 Aug 2008 20:26:59 -0500
> Subject: Re: Squid/ Danguardian + Transparent Bridge
>
> I've tried this, and it works with NAT but not when the interfaces are
> in a bridge. I'll re-attempt this tomorrow though, just in case I'm wrong.
>
> Thank you,
> James Shupe
>
> Jeremy Chadwick wrote:
> > On Wed, Aug 27, 2008 at 07:29:09PM -0500, James Shupe wrote:
> >> I've been trying to get pf to transparently redirect all incoming
> >> traffic on port 80 to port 8080 on a bridge to pass through to
> >> Dansguardian. This machine is a replacement for a Linux box which did
> >> the same thing with IPtables flawlessly, but I can't seem to get it to work
> >> with PF. I've tried using dozens of rulesets, including route-to
> >> statements, and have had no success. I was wondering if anybody has a
> >> working ruleset that they could share as an example, as I've seen lots
> >> of questions in mailing list archives regarding this, but no positive
> >> fixes.
> >
> > You mean something like this?
> >
> > rdr pass proto tcp from any to <ipofyourbox> port 80 -> 127.0.0.1 port 8080
> >
> > Assuming ipofyourbox is 4.4.4.4, this will transparently redirect
> > incoming connections to 4.4.4.4 port 80 to 127.0.0.1 port 8080.
> > Response packets will also be remapped appropriately (meaning the remote
> > user will see the response packets coming from 4.4.4.4 port 80).
> >
> > This is under the assumption that Dansguardian is listening on 127.0.0.1
> > port 8080. It might just be listening on INADDR_ANY port 8080, in which
> > case you should probably configure it to bind to 127.0.0.1 -- or if
> > you cannot, set up an appropriate firewall rule in pf to block that
> > traffic (so people on the Internet cannot connect to 4.4.4.4 port 8080
> > and talk to Dansguardian directly).
> >
> > Hope this helps.
> >
>
> Thank you,
> --
> James Shupe
> HermeTek Network Solutions
> http://www.hermetek.com
> 1.866.325.6207

----- End forwarded message -----
James forgot to CC the list when replying; I got his permission to
forward this. His problem seems to be when using rdr while a bridge is
in use.

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
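As an added illustration of the router/NAT-case ruleset Jeremy describes (this fragment is not part of the thread), a complete pf.conf in the old-style rdr syntax the thread uses; it assumes the box's public address is 4.4.4.4 on em0 (the thread's <ipofyourbox>) and that Dansguardian listens on 127.0.0.1 port 8080. The thread reports this approach working with NAT but not with the interfaces in a bridge, and the example does not attempt to address the bridge case.

```pf
# Added example, not from the thread. Assumed values: public address
# 4.4.4.4 on em0, Dansguardian bound to 127.0.0.1:8080. Pre-2010 pf
# syntax (separate rdr section), matching the rdr form used above.
ext_if  = "em0"
box_ip  = "4.4.4.4"
dg_port = "8080"

# Loopback carries the redirected connections; do not filter it.
set skip on lo0

# Transparently hand incoming web traffic to Dansguardian. Because this
# is "rdr pass", matching packets are passed without hitting the filter
# rules below, and the replies are un-translated so the client sees them
# coming from 4.4.4.4 port 80.
rdr pass on $ext_if proto tcp from any to $box_ip port 80 -> 127.0.0.1 port $dg_port

# Default deny on the outside interface, logged.
block in log on $ext_if

# Belt and braces: even if Dansguardian ends up listening on INADDR_ANY,
# nobody on the Internet may talk to its listener directly.
block in quick on $ext_if proto tcp from any to $box_ip port $dg_port

# Let the box itself (and Dansguardian's upstream fetches) go out.
pass out on $ext_if keep state
```

Check the loaded translation and filter rules with `pfctl -sn` and `pfctl -sr`, and confirm what Dansguardian actually bound with `sockstat -4l`.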
