Tim Traver wrote:
Chris Buechler wrote:
On Mon, Jul 6, 2009 at 1:28 AM, Tim Traver<[email protected]> wrote:
Thanks for responding. I am indeed testing this from within the same
machine, as I need the redirection to take place when attempting to
make
requests FROM the machine to an outside source.
Is there not a way to do that with pf?
There are multiple options, see:
http://www.openbsd.org/faq/pf/rdr.html
Chris,
yes, that is where I originally got all of the information, and made
my original post with my redirection line in the pf.conf that does not
appear to be doing anything. I couldn't figure out why, hence the post
here.
Here is a copy of the original post if you think you might have any
insight...
Hi all,
ok, I'm a little new to messing around with pf, but have come up with a
need that it sounds like it should be able to solve.
I want to be able to redirect outgoing http requests from the box back
to local addresses on the box...
In reading up, it appears that the redirect config line should do
that, and in testing, I have a simple line like this in the pf.conf
rdr pass inet proto tcp from any to 209.131.36.158 port 80 -> [internal address here] port 80
now, I haven't made that internal address be an address on the local
box yet, cause I'm testing to see how this works...
I can manually telnet to [internal address here] port 80 with no
problems and get the apache greeting.
Once I turn on and load the pf.conf file (with pfctl -F all -f
/etc/pf.conf), and I try to telnet to 209.131.36.158 port 80 (generic
www.yahoo.com), I don't get redirected to the internal address port 80
and get the apache greeting that is expected...
I did turn on port forwarding as per the instructions for NAT,
although it didn't say if it was needed for rdr.
net.inet.ip.forwarding=1
in netstat, I see it trying to actually reach the outside IP, which it
can't, so the translation didn't appear to take effect...
Am I missing something?
Yes, I believe so.
rdr works only for incoming traffic. To redirect outgoing traffic locally you
need to re-route the traffic using the route-to option.
Try these rules.
--
rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 -> <internal address here> port 80
pass out log quick on lo0 no state
pass in log quick on lo0 no state
pass out quick on <outgoing if> route-to (lo0 <internal address here>) inet proto tcp from any to 209.131.36.158 port 80 keep state
--
Thanks,
Tim.
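The following is an added, complete pf.conf illustrating the approach in the reply above; it is an example written for this page, not a configuration from the thread or from the FreeBSD project. The interface name em0, the address 192.0.2.10 (a TEST-NET-1 placeholder standing in for the "internal address" the thread never gives) and the macro names are assumptions; the remote address is the one used in the thread.

```pf
# /etc/pf.conf (added example, not from the thread)
# Placeholders, not real values:
#   ext_if   : interface carrying the box's outbound traffic (assumed em0)
#   int_addr : local address on the box where apache listens (TEST-NET-1 placeholder)
#   target   : remote address whose port 80 traffic should be redirected (from the thread)
ext_if   = "em0"
int_addr = "192.0.2.10"
target   = "209.131.36.158"

# Do not add "set skip on lo0" to this file: the rdr rule below has to
# see the packets on lo0, and "set skip" would hide them from pf.

# 1. Translation. rdr only matches packets entering an interface, and a
#    connection originated on the box itself enters no interface, so the
#    rule is bound to lo0, where the route-to rule in step 3 delivers it.
rdr pass on lo0 inet proto tcp from any to $target port 80 -> $int_addr port 80

# 2. Let the rerouted packets cross lo0 without state tracking, logged to
#    pflog0 so the redirection can be observed (same as the reply).
pass out log quick on lo0 no state
pass in  log quick on lo0 no state

# 3. Catch the locally generated connection on its way out of $ext_if and
#    route it to lo0 instead; the rdr on lo0 then rewrites the destination.
pass out quick on $ext_if route-to (lo0 $int_addr) inet proto tcp \
    from any to $target port 80 keep state

# Ordinary outbound policy for everything else.
pass out quick on $ext_if keep state
```

Before loading, check the syntax with `pfctl -nf /etc/pf.conf`; after `pfctl -f /etc/pf.conf`, `pfctl -s nat` and `pfctl -s rules` show whether the rdr and route-to rules were actually installed, `pfctl -s state` shows the translated connection once a client on the box connects to $target port 80, and `tcpdump -n -e -ttt -i pflog0` shows the logged lo0 packets from step 2. If the rdr line is missing from `pfctl -s nat`, the most common cause is a `set skip on lo0` elsewhere in the file.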
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"