Date:      Mon, 13 Jul 2009 12:00:32 +0800
From:      Ronnel Maglasang <rmaglasang@infoweapons.com>
To:        tt-list@simplenet.com
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Extremely simple redirect rule doesnt appear to be working
Message-ID:  <4A5AB160.8040306@infoweapons.com>
In-Reply-To: <4A582BE5.8020300@simplenet.com>
References:  <4A4D2010.4020908@simplenet.com> <c4b701070907030313s62a4bc33nbea633edee178572@mail.gmail.com> <4A4F0950.7020005@simplenet.com> <d64aa1760907040642w1d7fa1ecp8be75728235da8a1@mail.gmail.com> <4A518B6B.1010407@simplenet.com> <d64aa1760907052237l6c692961ic777fe09a44ce426@mail.gmail.com> <4A518F07.1070209@simplenet.com> <4A5190C1.2060205@infoweapons.com> <4A582BE5.8020300@simplenet.com>

Tim Traver wrote:
>>> am I missing something ?
>>>
>>>       
>> Yes, I believe so.
>>
>> rdr works only for incoming traffic. To redirect outgoing traffic
>> locally you
>> need to re-route the traffic using the route-to option.
>>
>> Try these rules.
>>
>> -- 
>> rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 ->
>> <internal address here> port 80
>> pass out log quick on lo0 no state
>> pass in log quick on lo0 no state
>>
>> pass out quick on <outgoing if> route-to (lo0 <internal address here>)
>> inet proto tcp from any to 209.131.36.158 port 80 keep state
>> -- 
>>
>>     
> Hmmm...I tried that configuration, but it still doesn't seem to produce
> anything :
>
> here is the exact config that I am using based on your statements :
>
> rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 ->
> 209.132.4.203 port 80
> pass out log quick on lo0 no state
> pass in log quick on lo0 no state
>
> pass out quick on fxp0 route-to 127.0.0.1 inet proto tcp from any to
> 209.131.36.158 port 80 keep state
>
> when I reload pf, it looks like the rules and nat stuff is indeed in
> place, but I get nothing when I attempt from the command line to telnet
> to 209.131.36.158 on port 80
>
> I was expecting it to get answered on the local 127.0.0.1 port 80 which
> is indeed responding...
>
> any other ideas on how to accomplish this?
>
> Once again, I'm trying to make it so that any calls out from this box to
> certain IP's get redirected to a local IP on the box, so it never
> actually leaves the server...
>
>   
I have a similar setup and it appears to be working...

Please attach the output of the following commands:
ifconfig -a
sockstat
pfctl -sa

> Thanks,
>
> Tim.
>
>
>
>
>   