From owner-freebsd-pf@FreeBSD.ORG Mon Jul 13 04:15:39 2009
Message-ID: <4A5AB160.8040306@infoweapons.com>
Date: Mon, 13 Jul 2009 12:00:32 +0800
From: Ronnel Maglasang <rmaglasang@infoweapons.com>
To: tt-list@simplenet.com
Cc: freebsd-pf@freebsd.org
Subject: Re: Extremely simple redirect rule doesn't appear to be working
References: <4A4D2010.4020908@simplenet.com> <4A4F0950.7020005@simplenet.com> <4A518B6B.1010407@simplenet.com> <4A518F07.1070209@simplenet.com> <4A5190C1.2060205@infoweapons.com> <4A582BE5.8020300@simplenet.com>
In-Reply-To: <4A582BE5.8020300@simplenet.com>
List-Id: "Technical discussion and general questions about packet filter (pf)"

Tim Traver wrote:
>>> am I missing something ?
>>>
>> Yes, I believe so.
>>
>> rdr works only for incoming traffic. To redirect outgoing traffic
>> locally you need to re-route the traffic using the route-to option.
>>
>> Try these rules.
>>
>> --
>> rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 -> port 80
>> pass out log quick on lo0 no state
>> pass in log quick on lo0 no state
>>
>> pass out quick on route-to (lo0 ) inet proto tcp from any to 209.131.36.158 port 80 keep state
>> --
>>
> Hmmm... I tried that configuration, but it still doesn't seem to produce
> anything:
>
> here is the exact config that I am using based on your statements:
>
> rdr pass on lo0 inet proto tcp from any to 209.131.36.158 port 80 -> 209.132.4.203 port 80
> pass out log quick on lo0 no state
> pass in log quick on lo0 no state
>
> pass out quick on fxp0 route-to 127.0.0.1 inet proto tcp from any to 209.131.36.158 port 80 keep state
>
> when I reload pf, it looks like the rules and nat stuff is indeed in
> place, but I get nothing when I attempt from the command line to telnet
> to 209.131.36.158 on port 80
>
> I was expecting it to get answered on the local 127.0.0.1 port 80, which
> is indeed responding...
>
> any other ideas on how to accomplish this?
>
> Once again, I'm trying to make it so that any calls out from this box to
> certain IPs get redirected to a local IP on the box, so it never
> actually leaves the server...
>

I have a similar setup and it appears to be working... Please attach the
output of the following commands:

ifconfig -a
sockstat
pfctl -sa

> Thanks,
>
> Tim.
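The rdr-on-lo0 plus route-to pattern Ronnel describes, written out as an added pf.conf fragment with comments on why each rule is needed. This is not a configuration from the thread; the external interface name, the remote address and the local listener are assumptions chosen for illustration.

```pf
# Added example, not from the thread: make locally generated HTTP
# connections to one remote address land on a listener on this host.
# Assumptions (not from the thread): ext_if carries the default route,
# remote_http is the address local programs connect to, local_http is
# the listener that should answer instead.
ext_if      = "fxp0"
remote_http = "192.0.2.10"     # constructed address (TEST-NET-1)
local_http  = "127.0.0.1"

# 1. rdr is applied to packets as they enter an interface, so a packet
#    generated on this host and leaving $ext_if never meets an rdr rule
#    on $ext_if. The translation is therefore attached to lo0, where the
#    packet will arrive once rule 3 has sent it there.
rdr pass on lo0 inet proto tcp from any to $remote_http port 80 \
    -> $local_http port 80

# 2. Pass the traffic on lo0 without creating a second state entry,
#    mirroring the rules posted in the thread; the connection is
#    tracked by the keep state on rule 3.
pass out log quick on lo0 no state
pass in  log quick on lo0 no state

# 3. Intercept the packet on its way out of $ext_if and hand it to lo0
#    with 127.0.0.1 as next hop. It re-enters pf inbound on lo0 and
#    matches rule 1, which rewrites the destination.
pass out quick on $ext_if route-to (lo0 127.0.0.1) \
    inet proto tcp from any to $remote_http port 80 keep state
```

After loading with `pfctl -f /etc/pf.conf`, `pfctl -sn` lists the translation rule and `pfctl -ss` shows the state created for a test connection, which is the quickest way to see whether the packet reached lo0 at all.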