PF port forwarding to external host

Hi everybody,

I am trying to use PF for port forwarding only and not as a firewall.

My (experimental) pf.conf:

Code:
# IP of host where pf is running: 10.0.0.74
# IP of an external host with a web server: 10.0.0.23
rdr pass on em0 proto tcp from any to em0 port 2222 -> 10.0.0.74 port 22
rdr pass on em0 proto tcp from any to em0 port 8888 -> 10.0.0.23 port 80

pass in all
pass out all

My expectation is that a
curl http://10.0.0.74:8888
shows the contents of http://10.0.0.23:80, but I got a timeout.

The ssh redirection to the PF host itself (the first line of the config) works:
ssh -p 2222 user@10.0.0.74
same as
ssh user@10.0.0.74

Thanks for any help.
Regards
 
From pf.conf(5):
Redirections cannot reflect packets back through the interface they arrive on, they can only be redirected to hosts connected to different interfaces or to the firewall itself.
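
A small check for the pf.conf(5) restriction quoted above, as an added example that is not part of the thread or of PF itself: it flags rdr rules whose target sits on the same network as the interface the packet arrives on. The rules are the ones from the question; the /24 prefix for em0 and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the two rdr rules from the question.
SAMPLE_PF_CONF = """\
# IP of host where pf is running: 10.0.0.74
rdr pass on em0 proto tcp from any to em0 port 2222 -> 10.0.0.74 port 22
rdr pass on em0 proto tcp from any to em0 port 8888 -> 10.0.0.23 port 80
"""

# Assumption: em0 is 10.0.0.74 with a /24 mask (the prefix is not stated in the thread).
INTERFACES = {"em0": ipaddress.ip_interface("10.0.0.74/24")}

# Handles only rdr rules with a literal interface name and a literal IPv4 target.
RDR_RE = re.compile(
    r"^rdr\s+(?:pass\s+)?on\s+(?P<ifname>\S+)\s.*?->\s*"
    r"(?P<target>\d+\.\d+\.\d+\.\d+)"
)


def classify_rdr(line, interfaces):
    """Return (ifname, target, verdict) for an rdr rule, or None for any other line."""
    m = RDR_RE.match(line.strip())
    if not m:
        return None
    ifname = m.group("ifname")
    target = ipaddress.ip_address(m.group("target"))
    iface = interfaces.get(ifname)
    if iface is None:
        verdict = "unknown-interface"
    elif target == iface.ip:
        verdict = "local"          # redirect to the PF host itself: permitted
    elif target in iface.network:
        verdict = "reflection"     # target is behind the arrival interface
    else:
        verdict = "other-network"  # target is not on the arrival interface's network
    return ifname, str(target), verdict


def lint(conf, interfaces):
    """Classify every rdr rule in a pf.conf text."""
    results = (classify_rdr(line, interfaces) for line in conf.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for ifname, target, verdict in lint(SAMPLE_PF_CONF, INTERFACES):
        print(f"{ifname} -> {target}: {verdict}")
```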
 

Many thanks for the advice. Do you know any other solution for the redirection back to the incoming interface? Maybe with NAT or another tool. (We have to replace fwtk.)
I also tried with 2 interfaces and started the request from another interface. This did not work either.

Regards
 
I think you need to rethink your strategy. Instead of trying to bend the facts, fix the original issue. I.e. fix whatever is sending data to the wrong IP addresses. Even if you find something that will reflect the traffic, you don't want to bounce network traffic around. It's going to be bad for performance and even worse when trying to diagnose why something isn't working.
 