From owner-freebsd-questions@FreeBSD.ORG Wed Nov 30 18:15:25 2011
From: Maxim Khitrov
Date: Wed, 30 Nov 2011 12:47:45 -0500
To: Mark Moellering
Cc: FreeBSD
Subject: Re: pf rdr (redirect) syntax solved
In-Reply-To: <4ED65E89.3080208@msen.com>
References: <4ED65E89.3080208@msen.com>
List-Id: User questions

On Wed, Nov 30, 2011 at 11:49 AM, Mark Moellering wrote:
> My apologies for posting an answer without a question but this is something
> I want searchable in the future.
> To use redirection ( rdr ) in pf, you MUST specify an ip address or
> interface.
> For example, if you want to force external traffic coming in on port 80 to
> port 443 and write this;
>
> rdr on $interface inet proto tcp from ! $internal_addresses to $interface
> port 80 -> port 443
>
> it FAILS! The PROPER syntax is;
>
> rdr on $interface inet proto tcp from ! $internal_addresses to $interface
> port 80 -> $interface port 443
>
> I hope this helps someone...

If you want to redirect all http connections to https, why not simply have the server listen on port 80 to begin with?

An rdr rule is typically used to change the destination address, so it is the port field that's optional. See 'rdr-rule' under the grammar section of pf.conf(5).

By the way, you can use service names like 'http' and 'https' in place of port numbers to make the configuration a bit more usable. See /etc/services for a list of known ports.

- Max
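A pf.conf fragment, added here as an illustration and not part of either message, that places the corrected rule from the thread in context and writes it with the service names Max mentions. The macro values are placeholders I chose, and the pass rule and the closing caveat are my additions rather than anything stated in the thread.

```pf
# Added illustration; macro values are placeholders, not taken from the thread.
ext_if = "em0"
internal_addresses = "{ 192.168.1.0/24 }"

# Broken form from the thread: the redirect target names no address, so
# pfctl rejects the rule at load time.
# rdr on $ext_if inet proto tcp from ! $internal_addresses to $ext_if port 80 -> port 443

# Working form: the target address is mandatory, the target port is optional.
# Service names from /etc/services replace the numeric ports.
rdr on $ext_if inet proto tcp from ! $internal_addresses to $ext_if port http -> $ext_if port https

# Translation alone does not admit traffic; filter rules see the translated
# destination, so explicitly allow what the rdr rule produces.
pass in on $ext_if inet proto tcp from ! $internal_addresses to $ext_if port https

# Caveat: the redirected client still sends plain HTTP, so whatever listens
# on port https must be prepared for that (the point behind Max's question
# about simply listening on port 80).
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; the broken form above fails at exactly this step.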