Date: Wed, 30 Nov 2011 20:10:04 +0100
From: Damien Fleuriot <ml@my.gd>
To: Mark Moellering <mark@msen.com>
Cc: FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: pf rdr (redirect) syntax solved
Message-ID: <69313081-6D4F-45D3-88E7-8F80611B3FF8@my.gd>
In-Reply-To: <4ED65E89.3080208@msen.com>
References: <4ED65E89.3080208@msen.com>

On 30 Nov 2011, at 17:49, Mark Moellering <mark@msen.com> wrote:

> My apologies for posting an answer without a question but this is something I want searchable in the future.
> To use redirection ( rdr ) in pf, you MUST specify an ip address or interface.
> For example, if you want to force external traffic coming in on port 80 to port 443 and write this;
>
> rdr on $interface inet proto tcp from ! $internal_addresses to $interface port 80 -> port 443
>
> it FAILS! The PROPER syntax is;
>
> rdr on $interface inet proto tcp from ! $internal_addresses to $interface port 80 -> $interface port 443
>
> I hope this helps someone...
>
> Mark Moellering
>

Do not take this personally but I find it exceedingly disturbing that you should use the ml as a documentation storage space.

You really should store this kind of information internally, such as a comment in your pf.conf and/or a wiki.

Additionally, you may find the correct syntax for rdr rules in man pf.conf, so you'll always have an example handy.