Date:      Wed, 30 Nov 2011 12:47:45 -0500
From:      Maxim Khitrov <max@mxcrypt.com>
To:        Mark Moellering <mark@msen.com>
Cc:        FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: pf rdr (redirect) syntax solved
Message-ID:  <CAJcQMWcccFB3ZiG23ok0hXu4zm1QbMqbCJXZJgS8kwAxmxgWdQ@mail.gmail.com>
In-Reply-To: <4ED65E89.3080208@msen.com>
References:  <4ED65E89.3080208@msen.com>

On Wed, Nov 30, 2011 at 11:49 AM, Mark Moellering <mark@msen.com> wrote:
> My apologies for posting an answer without a question but this is something
> I want searchable in the future.
> To use redirection ( rdr ) in pf, you MUST specify an ip address or
> interface.
> For example, if you want to force external traffic coming in on port 80 to
> port 443 and write this;
>
> rdr on $interface inet proto tcp from ! $internal_addresses to $interface port 80 -> port 443
>
> it FAILS! The PROPER syntax is;
>
> rdr on $interface inet proto tcp from ! $internal_addresses to $interface port 80 -> $interface port 443
>
> I hope this helps someone...

If you want to redirect all http connections to https, why not simply
have the server listen on port 80 to begin with?

An rdr rule is typically used to change the destination address, so it
is the port field that's optional. See 'rdr-rule' under the grammar
section of pf.conf(5).

By the way, you can use service names like 'http' and 'https' in place
of port numbers to make the configuration a bit more usable. See
/etc/services for a list of known ports.

- Max
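
The two rules from the quoted message, rewritten with the service names suggested in the reply, as an added example that is not part of the original thread. The macro values are constructed placeholders, and the pass rule is an assumption about the rest of the ruleset:

```conf
# Constructed macro values; substitute your own interface and network.
interface = "em0"
internal_addresses = "192.168.1.0/24"

# Rejected by the parser: after "->" the rdr-rule grammar requires a
# redirection host, and only the port that follows it is optional.
# rdr on $interface inet proto tcp from ! $internal_addresses to $interface port http -> port https

# Accepted: the redirection host is given explicitly, then the new port.
# "http" and "https" are resolved through /etc/services.
rdr on $interface inet proto tcp from ! $internal_addresses \
    to $interface port http -> $interface port https

# Filter rules are evaluated after translation, so the rule that admits
# the redirected connections has to match the translated port (https).
pass in on $interface inet proto tcp from ! $internal_addresses \
    to $interface port https
```

Running `pfctl -nf` on the file parses the ruleset without loading it, which reports the syntax error in the first form before it reaches a live firewall.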


