Forwarding tcp 80 to 3128 proxy

I prepared a router with FreeBSD with two network interfaces:

- rl0 -> Ethernet direct to ADSL (IP: 192.168.1.101);
- ral0 -> WiFi card, HostAP (IP: 192.168.2.1).

In /etc/sysctl.conf file I put:
Code:
net.inet.ip.forwarding=1

In /etc/rc.conf file I put:
Code:
defaultrouter="192.168.1.1"
gateway_enable="YES"
hostname="marylin.it2000.it"
ifconfig_rl0="inet 192.168.1.101  netmask 255.255.255.0"
wlans_ral0="wlan0"
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet 192.168.2.1 netmask 255.255.255.0 ssid WiFiZone mode 11g channel 5"

I have installed a DHCP server for WiFi:
# cd /usr/ports/net/isc-dhcp41-server
# make
# make install
# mv /usr/local/etc/dhcpd.conf /usr/local/etc/dhcpd.conf.orig

In /usr/local/etc/dhcpd.conf file I put:
Code:
option domain-name		"it2000.it";
option domain-name-servers	208.67.222.222;
default-lease-time		3600;
max-lease-time			84600;
ddns-update-style		ad-hoc;
subnet 192.168.2.0 netmask 255.255.255.0 {
	range			192.168.2.2 192.168.2.254;
	option routers		192.168.2.1;
}

In /etc/rc.conf file I put:
Code:
dhcpd_enable="YES"
dhcpd_ifaces="wlan0"

I changed kernel configuration for PF:
# cp /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/FIREWALL

In /usr/src/sys/i386/conf/FIREWALL file I put:
Code:
device          pf
device          pflog
device          pfsync

I have built a new custom kernel:
# cd /usr/src
# make buildkernel KERNCONF=FIREWALL
# make installkernel KERNCONF=FIREWALL
# reboot

In /etc/pf.conf file I put:
Code:
ext_if = "rl0"
int_if = "wlan0"
internal_net = "192.168.2.0/24"
table <firewall> const { self }
scrub all reassemble tcp fragment reassemble
nat on $ext_if from $internal_net to any -> ($ext_if)
block drop log all
pass out quick on $ext_if inet proto udp from ($ext_if) to any port { 53, 123 } keep state
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port { 80, 443 } flags S/SA keep state
pass in quick on $int_if inet proto tcp from $internal_net to !<firewall> flags S/SA modulate state
pass in quick on $int_if inet proto udp from $internal_net to !<firewall> keep state

In /etc/rc.conf file I put:
Code:
pf_enable="YES"
pflog_enable="YES"
pf_rules="/etc/pf.conf"
pflog_logfile="/var/log/pflog"

Reboot and it's OK!

Now I want to route all packets from WiFi port 80 to my internal proxy server (192.168.1.102) and then proxy to the Internet and back to the WiFi client. How can I do this in PF configuration?

Thanks!
 
Code:
rdr on $int_if from any to any port 80 -> 192.168.1.102 port 3128
 