I would like to use pf to NAT inbound web packets and then redirect them
to a local squid proxy. The redirect works fine, but I have been
unable to get pf to NAT inbound traffic to a server with a single
interface.
Here is an example of the pf.conf file.
table <server_net> { 172.16.1.32/28 }
nat inet proto tcp from ! <server_net> to port 80 -> 10.1.96.1
rdr inet proto tcp from ! <server_net> to port 80 -> 127.0.0.1 port 3128
pass out all keep state
pass in all
And here are the NAT rules stats.
#pfctl -s nat -v
No ALTQ support in kernel
ALTQ related functions disabled
nat inet proto tcp from ! 172.16.1.39 to any port = http -> 10.1.96.1
[ Evaluations: 231 Packets: 0 Bytes: 0
States: 0 ]
rdr inet proto tcp from ! 172.16.1.39 to any port = http -> 127.0.0.1
port 3128
[ Evaluations: 125 Packets: 212 Bytes: 75696
States: 14 ]
Was pf designed to NAT inbound traffic to a server with a single network
interface?
Thanks much,
John
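
A small check for counters like the ones quoted above, added here as an example that is not part of John's post: it parses `pfctl -s nat -v` output, including the line wrapping seen in the post, and reports translation rules that were evaluated but never matched a packet. The function names are hypothetical and the parsing assumes the output layout shown in the post.

```python
import re

# Output of `pfctl -s nat -v` as quoted in the post, with its wrapped lines
# kept so the parser is exercised on the same layout.
SAMPLE = """\
nat inet proto tcp from ! 172.16.1.39 to any port = http -> 10.1.96.1
[ Evaluations: 231 Packets: 0 Bytes: 0
States: 0 ]
rdr inet proto tcp from ! 172.16.1.39 to any port = http -> 127.0.0.1
port 3128
[ Evaluations: 125 Packets: 212 Bytes: 75696
States: 14 ]
"""

RULE_START = re.compile(r"^(?:no\s+)?(nat|rdr|binat)\b")
COUNTER = re.compile(r"(Evaluations|Packets|Bytes|States):\s*(\d+)")

def parse_nat_stats(text):
    """Return one dict per translation rule with its text and counters."""
    rules, current, in_counters = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = RULE_START.match(line)
        if m:
            current = {"rule": line, "kind": m.group(1)}
            rules.append(current)
            in_counters = False
        elif current is None or not line:
            continue  # banner lines (e.g. the ALTQ notice) or blank lines
        elif line.startswith("[") or in_counters:
            in_counters = "]" not in line  # counter block may span lines
            for key, value in COUNTER.findall(line):
                current[key.lower()] = int(value)
        else:
            current["rule"] += " " + line  # wrapped tail of the rule text
    return rules

def never_matched(rules):
    """Rules that were evaluated but have no packets and no states."""
    return [r for r in rules
            if r.get("evaluations", 0) > 0
            and r.get("packets", 0) == 0 and r.get("states", 0) == 0]

if __name__ == "__main__":
    for r in never_matched(parse_nat_stats(SAMPLE)):
        print("evaluated %d times, never matched: %s" % (r["evaluations"], r["rule"]))
```
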