Hi gang. I have a 3.7 box redirecting internet HTTP requests to my dynamically assigned address to an internal web server with the following PF line:

rdr on tun0 inet proto tcp from any to $EXT port 80 -> 192.168.2.214

All is well. When I needed to provide access to LAN clients I added this line:

rdr on $INT inet proto tcp from $LAN_clients to $EXT port 80 -> 192.168.2.214

All is well. I recently needed to redirect requests to http://example.com/ to http://example.com/dir/ and I accomplished this using mod_rewrite:

RewriteRule ^/$ /dir/ [R,L]

Internet requests are redirected. All is well. Incidentally, when I point lynx directly to example.com/dir/ it works but when I do the same with Firefox it doesn't.

The main problem is when an internal client (using either browser) attempts to reach the server. Somehow the rewrite is breaking things. I have sniffed the traffic on the web server (leo) and I see the client (sonata) keeps resetting the connection:

sonata.50203 > leo.www: S 3873582015:3873582015(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
leo.www > sonata.50203: S 1850416475:1850416475(0) ack 3873582016 win 16384 <mss 1460,nop,nop,sackOK> (DF)
sonata.50203 > leo.www: R 3873582016:3873582016(0) win 0 (DF)
sonata.59370 > leo.www: S 1346830390:1346830390(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863297 0> (DF)
leo.www > sonata.59370: S 100367935:100367935(0) ack 1346830391 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 1225378424 79863297> (DF)
sonata.59370 > leo.www: . ack 1 win 33304 <nop,nop,timestamp 79863297 1225378424> (DF)
sonata.59370 > leo.www: P 1:446(445) ack 1 win 33304 <nop,nop,timestamp 79863297 1225378424> (DF)
leo.www > sonata.59370: P 1:524(523) ack 446 win 17376 <nop,nop,timestamp 1225378424 79863297> (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863304 0> (DF)
leo.www > sonata.51209: S 226194437:226194437(0) ack 172896184 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 2863479542 79863304> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
sonata.59370 > leo.www: . ack 524 win 33304 <nop,nop,timestamp 79863313 1225378424> (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863604 0> (DF)
leo.www > sonata.51209: S 1749620331:1749620331(0) ack 172896184 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 1110303664 79863604> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 79863924 0> (DF)
leo.www > sonata.51209: S 1451968876:1451968876(0) ack 172896184 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 610489831 79863924> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
leo.www > sonata.51209: S 1937590863:1937590863(0) ack 172896184 win 16384 <mss 1460,nop,nop,sackOK> (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)

Here is what I get from lynx:

http://httpd.apacheLooking up example.com
Making HTTP connection to example.com
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 302 Found
Data transfer complete
HTTP/1.1 302 Found
Using http://www.example.com/dir/
Looking up www.example.com
Making HTTP connection to www.example.com
Alert!: Unable to connect to remote host.
< long pause >
lynx: Can't access startfile http://example.com/

Is this a PF issue? I'm not sure.

Thanks for any input,
Peter
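
An added example, not part of the original post: a small Python parser for tcpdump lines in the format of the trace above, reporting per client port whether the handshake completed or the client reset it right after the server's SYN-ACK. The sample lines are taken from the trace with TCP options trimmed; the function name and outcome labels are assumptions of this example.

```python
import re
from collections import OrderedDict

# Lines in the format of the trace above (TCP options trimmed for brevity).
SAMPLE = """\
sonata.50203 > leo.www: S 3873582015:3873582015(0) win 65535 (DF)
leo.www > sonata.50203: S 1850416475:1850416475(0) ack 3873582016 win 16384 (DF)
sonata.50203 > leo.www: R 3873582016:3873582016(0) win 0 (DF)
sonata.59370 > leo.www: S 1346830390:1346830390(0) win 65535 (DF)
leo.www > sonata.59370: S 100367935:100367935(0) ack 1346830391 win 16384 (DF)
sonata.59370 > leo.www: . ack 1 win 33304 (DF)
sonata.59370 > leo.www: P 1:446(445) ack 1 win 33304 (DF)
leo.www > sonata.59370: P 1:524(523) ack 446 win 17376 (DF)
sonata.51209 > leo.www: S 172896183:172896183(0) win 65535 (DF)
leo.www > sonata.51209: S 226194437:226194437(0) ack 172896184 win 16384 (DF)
sonata.51209 > leo.www: R 172896184:172896184(0) win 0 (DF)
"""

# "src > dst: FLAGS rest" as printed by tcpdump for TCP segments.
LINE = re.compile(r"^(\S+) > (\S+): ([SFRP.]+) (.*)$")

def classify_flows(text):
    """Return {(client, server): outcome} for every flow that starts with a SYN."""
    flows = OrderedDict()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a tcpdump TCP line
        src, dst, flags, rest = m.groups()
        has_ack = re.search(r"\back \d+", rest) is not None
        if "S" in flags and not has_ack:        # client SYN opens (or retries) a flow
            flows[(src, dst)] = "syn-sent"
        elif "S" in flags and has_ack:          # server SYN-ACK answers a pending SYN
            if flows.get((dst, src)) == "syn-sent":
                flows[(dst, src)] = "syn-ack-seen"
        elif "R" in flags:                      # RST from the side that sent the SYN
            if flows.get((src, dst)) == "syn-ack-seen":
                flows[(src, dst)] = "client-reset-after-syn-ack"
        elif flows.get((src, dst)) == "syn-ack-seen":
            flows[(src, dst)] = "established"   # client ACKed the SYN-ACK
    return flows

if __name__ == "__main__":
    for (client, server), outcome in classify_flows(SAMPLE).items():
        print(f"{client} -> {server}: {outcome}")
```
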
