Hi!
I've got a problem with rdr rules in pf. I've got a firewall running FreeBSD which redirects port 80 to a web server on the LAN behind this firewall. The rdr rules work fine, but in the Apache access log I see only the firewall's IP. The pf configuration is something like this:
Code:
ext_if="xl0" # external interface of the firewall
int_ifw="xl2" # internal interface of the firewall
ext_ip="xxx.xxx.xxx.xxx" # external ip of the firewall
int_netw="172.16.1.5" # ip of web server
nat on $int_ifw proto tcp from any to 172.16.1.5 port 80 -> ($int_ifw)
rdr on $ext_if proto tcp from any to $ext_ip port 80 -> $int_netw port 80
block in all
pass in on $ext_if proto tcp from any to $int_netw port 80 keep state
The official pf documentation says that rdr rules apply before filtering, so the source IP of the web server's client is substituted by the firewall's internal IP. Is there any way to keep the real source IP of the web server's client? I also have a mail server behind the firewall, and I need to know the real IP of clients to block untrusted connections.
Thanks!
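
An added example, not part of the original post: the posted ruleset with the `nat on $int_ifw` rule commented out, because that rule rewrites the source address of forwarded connections to the firewall's internal address, while `rdr` rewrites only the destination. It assumes the web server's default route points at the firewall's internal interface so that replies return through pf's state table; `web_srv` is a hypothetical macro name.

```conf
# Added example: pf.conf (FreeBSD nat/rdr syntax), not the poster's file.

ext_if  = "xl0"               # external interface of the firewall
int_ifw = "xl2"               # internal interface of the firewall
ext_ip  = "xxx.xxx.xxx.xxx"   # external IP of the firewall (placeholder, as in the post)
web_srv = "172.16.1.5"        # IP of the web server (hypothetical macro name)

# --- Translation ---------------------------------------------------------

# Posted rule, disabled here. It source-NATs every connection leaving the
# internal interface towards the web server, so Apache logs the firewall's
# internal address instead of the client's.
# nat on $int_ifw proto tcp from any to 172.16.1.5 port 80 -> ($int_ifw)

# rdr changes only the destination address and port. The client's source
# address is left untouched and is what the web server sees.
rdr on $ext_if proto tcp from any to $ext_ip port 80 -> $web_srv port 80

# --- Filtering -----------------------------------------------------------

block in all

# Filtering runs after rdr, so the rule matches the translated destination.
pass in on $ext_if proto tcp from any to $web_srv port 80 keep state

# Assumption: $web_srv routes replies back via the firewall ($int_ifw
# address as its gateway). Without that route the replies bypass pf's
# state and the connection fails, which is the usual reason a source-NAT
# rule like the one above gets added.
```

After loading the ruleset, `pfctl -s nat` lists the active translation rules and `pfctl -s state` shows each state entry with the original client address.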