Nice that you have it working with ipfw.
I have no hands-on experience with FreeBSD9 and those divert-to rules.
Reading their explanation led me to expect it should be able to work,
and resolve the issue of needing 2 firewalls pf&ipfw simultaneously.
As Joris also writes, you should probably not redirect all traffic that
flows from any-to-any, but only that which was originally already going
to the proper destination port, so any-to-any2222.
So possibly something like this:
pass in quick on vlan64 inet proto tcp from any to any port 2222 divert-to 127.0.0.1 port 2222
If this can actually work, I currently do not know.. My only FreeBSD 9
pf knowledge is from reading its manual..... So can't help with that.
If you do manage to get the divert-to working please do share it with us.
On 12-7-2013 7:37, jinge wrote:
I just followed your advice and found my pf configuration is not correct:
rdr on vlan64 proto tcp from any to any -> 127.0.0.1 port 2222
And I changed to ipfw and fwd, then it works correctly.
ipfw add fwd 127.0.0.1,2222 tcp from any to any via vlan64 in
And you told me I can use pf's divert-to, but after a test I found it
doesn't work. Here is the configuration:
pass in quick on vlan64 inet proto tcp from any to any divert-to 127.0.0.1 port 2222
So can you tell me the right configuration?
On 2013-7-11, at 12:07 PM, jinge <altman87...@gmail.com
Thanks for your reply!
And I will follow your advice!
On 2013-7-10, at 4:25 AM, PiBa-NL <piba.nl....@gmail.com
I'm not exactly sure how this is supposed to work.. I did manage to get
transparent proxy for the server side working.. (the server is
presented with a connection from original client ip.) This works
with haproxy 1.5dev19 on FreeBSD8.3 with help of some ipfw fwd rules..
Your config also seems to be working (used some parts thereof to
Did require the following ipfw rule for me..:
ipfw add 90 fwd localhost tcp from any to any 2222 in recv em1
Actually on pfSense it also needs "-x haproxy" as it is a bit
customized.. And because I run 'ipfw' combined with 'pf' I also
needed to configure pf with floating 'pass on match' rules to allow
the 'strange traffic'.. That pf cannot handle..
If you however have FreeBSD 9 you might want to look into the
divert-to rules that pf can make. Might make stuff simpler if it
turns out to work..
Please report back your required settings (&config if it changes)
when you manage to get it working.
On 9-7-2013 12:55, jinge wrote:
We use haproxy and FreeBSD for our cache system. And we want to use
the transparent option
for some compatible things.
But found it doesn't work. Here is the configuration which worked in Ubuntu.
#distinguish HTTP and non-HTTP
tcp-request inspect-delay 30s
tcp-request content accept if HTTP
no option httpclose
no option http-server-close
no option accept-invalid-http-response
Can anyone tell me if FreeBSD cannot support transparent
here or my configuration is not correct? And how to make transparent