Thanks for the info Nick, I had the reflection working with PF + Inetd + NC.

*in the inetd.conf I have the following:*

#INTERNAL NC CONFIGURATION
http stream tcp nowait root /usr/bin/nc nc -w 20 192.168.128.102 80

*in rc.conf I had to add the following to limit the proxy listening on the localhost only:*

inetd_flags="-wW -a 127.0.0.1"

*the PF configuration is as follows:*

TRANSLATION RULES:
rdr pass on em0 inet proto tcp from any to 192.168.128.170 port = http -> 127.0.0.1 port 80

FILTER RULES:
block drop log all
pass in on lo0 inet6 proto tcp from any to fe80::1 port = http flags S/SA keep state
pass in on lo0 inet6 proto tcp from any to ::1 port = http flags S/SA keep state
pass in on lo0 inet proto tcp from any to 127.0.0.1 port = http flags S/SA keep state
pass in on em0 inet proto tcp from any to 192.168.128.170 port = ssh flags S/SA keep state
pass out all flags S/SA keep state

Thanks for the heads up. Hope this works for someone.

KR,
Spas

On Fri, Feb 5, 2010 at 8:39 PM, Nick Rogers <[email protected]> wrote:

>
>
> On Fri, Feb 5, 2010 at 9:41 AM, Spas Karabelov <[email protected]> wrote:
>
>> Hello,
>>
>> I am trying to perform traffic redirection with PF on 7.2-RELEASE.
>> The traffic is in the same subnet and I try doing that by using just one
>> interface em0.
>
>
> PF cannot redirect packets back out the interface they originated on.
>
> From pf.conf(5)...
>
> "Redirections cannot reflect packets back through the interface they arrive
> on, they can only be redirected to hosts connected to different interfaces
> or to the firewall itself."
>
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[email protected]"
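
A small lint for the pf.conf(5) restriction quoted in this thread, added here as an example and not written by either poster: it classifies each rdr rule as targeting the firewall itself, a different interface, or a host behind the ingress interface (the reflection case). The function names, the /24 netmask on em0 and the second sample rule are assumptions constructed for illustration, and only literal IP targets are handled.

```python
import ipaddress
import re

# Constructed sample input: the rdr rule from the post, plus a constructed
# rule that redirects to a host on the same subnet as the ingress interface.
SAMPLE_RULES = """\
rdr pass on em0 inet proto tcp from any to 192.168.128.170 port = http -> 127.0.0.1 port 80
rdr pass on em0 inet proto tcp from any to 192.168.128.170 port = http -> 192.168.128.102 port 80
"""
# Assumed addressing: the post gives no netmask, /24 is a guess for the demo.
INTERFACES = {"em0": "192.168.128.170/24", "lo0": "127.0.0.1/8"}

# Captures the ingress interface and the redirect target of an rdr rule.
RDR_RE = re.compile(r"^rdr\s+(?:pass\s+)?on\s+(\S+)\s.*->\s*(\S+)")


def classify_rdr(rule, interfaces):
    """Return (ifname, target, verdict) for an rdr rule, None for other rules."""
    m = RDR_RE.match(rule.strip())
    if not m:
        return None
    ifname, target = m.group(1), ipaddress.ip_address(m.group(2))
    ifaces = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
    # Redirecting to one of the firewall's own addresses is allowed.
    if any(target == i.ip for i in ifaces.values()):
        return ifname, str(target), "ok: firewall itself"
    ingress = ifaces.get(ifname)
    # Target lives on the subnet of the interface the packet arrived on:
    # pf would have to reflect the packet back out the same interface.
    if (ingress is not None and target.version == ingress.version
            and target in ingress.network):
        return ifname, str(target), "reflect: target is behind ingress interface"
    return ifname, str(target), "ok: different interface"


def lint(rules, interfaces):
    """Classify every rdr rule in a block of rule text."""
    results = (classify_rdr(line, interfaces) for line in rules.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for ifname, target, verdict in lint(SAMPLE_RULES, INTERFACES):
        print(f"{ifname} -> {target}: {verdict}")
```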
