Thank you for your response.

My rules are ok, because I have no other rules than that one, and I ran the syntax checker on it...

I am indeed running 7.0, so I guess I could update the sources on that machine to 7.1 and rebuild pf.

Thanks,

Tim.


Balázs Mátéffy wrote:
Hi there,

I think you should check with pfctl -sr and pfctl -sn that your rules are ok, and
that you don't deny that traffic explicitly.

However, I don't want to start a war, but on a machine I experienced that
with FreeBSD 7.0 or 7.1 the pf redirections didn't work; after a minor
release update, the problem went away with the same ruleset! (I think it was
7.0 and updated to 7.1 to get it working again.)

But rdr pass should add the permitting access rule for your redirection
entry.

Maybe logging can help you too: http://www.openbsd.org/faq/pf/logging.html

Hope this helps!

Best Regards,

MB.


2009/7/2 Tim Traver <[email protected]>

Hi all,

ok, I'm a little new to messing around with pf, but have come up for a need
that it sounds like it should be able to solve.

I want to be able to redirect outgoing http requests from the box back to
local addresses on the box...

In reading up, it appears that the redirect config line should do that, and
in testing, I have a simple line like this in the pf.conf

rdr pass inet proto tcp from any to 209.131.36.158 port 80 -> [internal address here] port 80

now, I haven't made that internal address be an address on the local box
yet, cause I'm testing to see how this works...

I can manually telnet to [internal address here] port 80 with no problems
and get the apache greeting.

Once I turn on and load the pf.conf file (with pfctl -F all -f
/etc/pf.conf), and I try to telnet to 209.131.36.158 port 80 (generic
www.yahoo.com), I don't get redirected to the internal address port 80 and
get the apache greeting that is expected...

I did turn on port forwarding as per the instructions for NAT, although it
didn't say if it was needed for rdr.

net.inet.ip.forwarding=1

In netstat, I see it trying to actually reach the outside IP, which it can't,
so the translation didn't appear to take effect...

Am I missing something?

Thanks,

Tim.

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
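Balázs's advice is to confirm with pfctl -sn and pfctl -sr that the rdr rule is actually loaded and that no filter rule blocks the translated traffic, and Tim's original message shows the rule in question. The script below is an added example for this thread, not code from the list, from pf or from either poster: it reads rule text in the one-line form pfctl prints and works out, for a given connection, which rdr rule (if any) would rewrite it and what the filter rules would then do with the rewritten packet. The sample rule text is constructed; 10.0.0.5 stands in for Tim's "[internal address here]", and the small service-name table is an assumption, since pfctl prints well-known ports by name unless asked for numbers.

```python
"""Match a flow against pf 'rdr' and filter rules as printed by pfctl -sn / -sr.

Added example for the freebsd-pf thread above, not code from the list or
from pf itself.  It understands only the keywords used in the sample rules;
anything beyond that is outside what this checker models.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# pfctl prints well-known ports by service name unless run numerically;
# this table is an assumption covering just the names relevant here.
SERVICE_PORTS = {"http": 80, "www": 80, "https": 443, "ssh": 22}

RDR_RE = re.compile(
    r"^rdr(?P<pass>\s+pass)?"
    r"(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+(?P<af>inet6?))?"
    r"(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s+(?:=\s+)?(?P<dport>\S+))?"
    r"\s+->\s+(?P<target>\S+)"
    r"(?:\s+port\s+(?P<tport>\S+))?\s*$"
)

FILTER_RE = re.compile(
    r"^(?P<action>pass|block)(?:\s+(?:drop|return))?"
    r"(?:\s+(?P<dir>in|out)\b)?"
    r"(?P<quick>\s+quick)?"
    r"(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+(?P<af>inet6?))?"
    r"(?:\s+proto\s+(?P<proto>\S+))?"
    r"(?:\s+all|\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s+(?:=\s+)?(?P<dport>\S+))?)"
)

# Constructed sample rule text; 10.0.0.5 is a placeholder internal address.
SAMPLE_NAT = "rdr pass inet proto tcp from any to 209.131.36.158 port = 80 -> 10.0.0.5 port 80\n"
SAMPLE_FILTER = (
    "block drop in quick inet proto tcp from any to 10.0.0.5 port = 80\n"
    "pass out all\n"
)


@dataclass
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


def _port(spec: str) -> int:
    return int(spec) if spec.isdigit() else SERVICE_PORTS[spec]


def _addr_ok(spec: Optional[str], ip: str) -> bool:
    if spec in (None, "any"):
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _port_ok(spec: Optional[str], port: int) -> bool:
    return spec is None or _port(spec) == port


def _proto_ok(spec: Optional[str], proto: str) -> bool:
    return spec is None or spec == proto


def find_redirect(nat_rules: str, flow: Flow):
    """First matching rdr rule wins, as pf evaluates translation rules.
    Returns (target_ip, target_port, rule_has_pass) or None."""
    for line in nat_rules.splitlines():
        m = RDR_RE.match(line.strip())
        if not m:
            continue
        if (_proto_ok(m["proto"], flow.proto) and _addr_ok(m["src"], flow.src)
                and _addr_ok(m["dst"], flow.dst) and _port_ok(m["dport"], flow.dport)):
            tport = _port(m["tport"]) if m["tport"] else flow.dport
            return m["target"], tport, m["pass"] is not None
    return None


def filter_verdict(filter_rules: str, flow: Flow, direction: str = "in") -> str:
    """Last matching filter rule wins unless a matching rule says 'quick';
    with no matching rule at all, pf's default is to pass."""
    verdict = "pass"
    for line in filter_rules.splitlines():
        m = FILTER_RE.match(line.strip())
        if not m:
            continue
        if m["dir"] and m["dir"] != direction:
            continue
        if not (_proto_ok(m["proto"], flow.proto) and _addr_ok(m["src"], flow.src)
                and _addr_ok(m["dst"], flow.dst) and _port_ok(m["dport"], flow.dport)):
            continue
        verdict = m["action"]
        if m["quick"]:
            break
    return verdict


def diagnose(nat_rules: str, filter_rules: str, flow: Flow) -> dict:
    """Translate first, then filter the translated packet (pf's order)."""
    hit = find_redirect(nat_rules, flow)
    if hit is None:
        return {"redirected_to": None, "verdict": filter_verdict(filter_rules, flow)}
    target, tport, rdr_pass = hit
    translated = Flow(flow.proto, flow.src, target, tport)
    # 'rdr pass' passes the translated packet without consulting the filter
    # rules; a plain 'rdr' still needs a filter rule that lets it through.
    verdict = "pass" if rdr_pass else filter_verdict(filter_rules, translated)
    return {"redirected_to": (target, tport), "verdict": verdict}


if __name__ == "__main__":
    flow = Flow("tcp", "192.0.2.10", "209.131.36.158", 80)
    print(diagnose(SAMPLE_NAT, SAMPLE_FILTER, flow))
    print(diagnose(SAMPLE_NAT.replace("rdr pass", "rdr"), SAMPLE_FILTER, flow))
```

Run it as is and the first line shows the rule matching and passing; the second shows the same rule without the pass keyword being stopped by the explicit block on the translated destination, which is the "you don't deny that traffic explicitly" case. Note that this only checks rule text: pf applies rdr to packets it sees arriving on an interface, so a rule that matches here still says nothing about whether a given packet was ever presented to pf inbound, and that is where the logging Balázs points to comes in.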
