Re: pf rdr on requests originating from firewall box itself
On Sat, Jun 14, 2003 at 04:52:26PM -0400, Michael Purcaro wrote:
> 127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w 20 192.168.1.2 80
> rdr on $ext_if proto tcp from any to any port 80 -> $WWW_IP port 80
> rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> 127.0.0.1 port \
> pass in log on $ext_if inet proto tcp from any to $WWW_IP port 80 keep \
> pass out on $int_if inet proto tcp from any to $WWW_IP port 80 keep \
> # telnet my.domain.name 80
> Trying a.b.c.d...
assuming 'a.b.c.d' is the IP also assigned to the external interface, which
resolves to 'my.domain.name', what about:
rdr on lo0 inet proto tcp from a.b.c.d to a.b.c.d port 80 tag HELLO -> (lo0) port 5000
pass on lo0 keep state tagged HELLO
i'm working on something not quite entirely unlike that at the moment,
so if that's not exactly what you need, lemmie know.
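To show the reply's suggestion in context, here is a complete pf.conf assembled from the rules in this thread (added example, not from either poster). Assumed values: fxp0/fxp1 as the external/internal interfaces, 192.168.1.0/24 as the inside network, and a.b.c.d left as a placeholder for the external address that my.domain.name resolves to; the syntax is the 2003-era rdr/pass form used in the thread.

```pf
# Constructed example; macro values are assumptions, not from the original posts.
ext_if   = "fxp0"
int_if   = "fxp1"
int_net  = "192.168.1.0/24"
WWW_IP   = "192.168.1.2"
ext_addr = "a.b.c.d"   # placeholder: the address on $ext_if that my.domain.name resolves to

# Outside clients: port 80 on the external address goes to the internal web server.
rdr on $ext_if inet proto tcp from any to $ext_addr port 80 -> $WWW_IP port 80

# Inside clients that use the public name: hand them to the inetd/nc relay on
# 127.0.0.1:5000 (the relay itself connects to $WWW_IP:80).
rdr on $int_if inet proto tcp from $int_net to $ext_addr port 80 -> 127.0.0.1 port 5000

# Connections made on the firewall itself to its own external address never
# arrive on $ext_if: the kernel loops them through lo0.  Redirect there to the
# same relay, and tag the connection so the pass rule that admits it is explicit.
rdr on lo0 inet proto tcp from $ext_addr to $ext_addr port 80 tag HELLO -> (lo0) port 5000
pass on lo0 keep state tagged HELLO

# Filter rules for the redirected traffic (rdr has already rewritten the
# destination to $WWW_IP by the time these are evaluated).
pass in log on $ext_if inet proto tcp from any to $WWW_IP port 80 keep state
pass out on $int_if inet proto tcp from any to $WWW_IP port 80 keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and confirm the loopback translation with `pfctl -s nat` and a `pfctl -s state` entry on lo0 after a local `telnet my.domain.name 80`; on OpenBSD 4.7 and later the rdr/tag rules above are written as `pass ... rdr-to` instead.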