
Re: pf rdr on requests originating from firewall box itself



On Sat, Jun 14, 2003 at 04:52:26PM -0400, Michael Purcaro wrote:
> /etc/inetd.conf
> 127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w 20 192.168.1.2 80
>
> /etc/pf.conf
> rdr on $ext_if proto tcp from any      to any     port 80 -> $WWW_IP port 80
> rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> 127.0.0.1 port \
> 5000
> pass in  log on $ext_if inet proto tcp from any to $WWW_IP port 80 keep \
> state
> pass out     on $int_if inet proto tcp from any to $WWW_IP port 80 keep \
> state
>
> # telnet my.domain.name 80
> Trying a.b.c.d...
Assuming 'a.b.c.d' is the IP also assigned to the external interface, which
resolves to 'my.domain.name', what about:
###
rdr on lo0 inet proto tcp from a.b.c.d to a.b.c.d port 80 tag HELLO -> (lo0) port 5000
pass on lo0 keep state tagged HELLO
###
  I'm working on something not quite entirely unlike that at the moment,
  so if that's not exactly what you need, let me know.
  Jared.
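The three cases (outside clients, inside clients, and the firewall itself) as one complete pf.conf. This is an added example, not part of the original post or the quoted config: it merges the rules quoted above with the lo0 rule from the reply. The interface names, the internal network and the address a.b.c.d are placeholder assumptions, and the rdr for outside clients is narrowed to the firewall's own address instead of the quoted `to any`.

```pf
# /etc/pf.conf (added example). Macro values are placeholders.
ext_if  = "fxp0"            # assumed external interface
int_if  = "fxp1"            # assumed internal interface
int_net = "192.168.1.0/24"  # assumed internal network
ext_ip  = "a.b.c.d"         # address on $ext_if that my.domain.name resolves to
WWW_IP  = "192.168.1.2"     # web server, as in the quoted inetd.conf line

# 1. Outside clients: plain port forward to the web server
#    (narrowed to the firewall's own address rather than "to any").
rdr on $ext_if inet proto tcp from any to $ext_ip port 80 -> $WWW_IP port 80

# 2. Inside clients that connect to the external address: hand them to
#    the nc proxy that inetd runs on 127.0.0.1:5000.
rdr on $int_if inet proto tcp from $int_net to $ext_ip port 80 -> 127.0.0.1 port 5000

# 3. The firewall itself: a connection from a.b.c.d to a.b.c.d never leaves
#    the box; it goes out and comes back in on lo0, so the rdr has to sit on
#    lo0. The tag lets the pass rule below match exactly these connections.
rdr on lo0 inet proto tcp from $ext_ip to $ext_ip port 80 tag HELLO -> (lo0) port 5000

# Filter rules are evaluated after translation and see the rewritten
# destination, so the pass rules must match 127.0.0.1:5000 / $WWW_IP:80,
# not the original $ext_ip:80.
pass in  log on $ext_if inet proto tcp from any to $WWW_IP port 80 keep state
pass in      on $int_if inet proto tcp from $int_net to 127.0.0.1 port 5000 keep state
pass on lo0 keep state tagged HELLO

# nc's outbound hop to the real server (cases 2 and 3) and the forwarded
# connections of case 1 both leave via $int_if.
pass out     on $int_if inet proto tcp from any to $WWW_IP port 80 keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; then repeat the `telnet my.domain.name 80` test from the firewall while watching `pfctl -s state` to confirm the lo0 state entry to port 5000 appears. The `tag`/`tagged` keywords need a pf that supports packet tags, which first shipped with OpenBSD 3.3.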