How to redirect ports (not forward)

  • Thread starter: Anonymous
On my network I want users to connect to my gateway and then redirect all of their HTTP traffic to my own custom server on another port where they have to log in. How do I redirect all traffic destined for port 80 to the port my application is running on the local gateway?
 
Something straightforward like this? If you mean HTTP traffic to the gateway, that is, not to anywhere.

Code:
rdr pass on $int_if inet proto tcp from $lan to $int_if port 80 -> $int_if port 8000
 
I'm trying to get it to where ANY of their HTTP traffic will be redirected to my server. My school does this: when you connect to their wireless network and type in google.com, facebook.com, etc., your browser is redirected to their own HTTP server where you have to log in. I want to do the exact same thing.

Something like

Code:
rdr pass on $int_if inet proto tcp from $lan to <I don't know what would go here> port 80 -> <localhost?> port 8000
 
To catch all destinations, simply use 'any'. So what happens after you log in? You will still be redirected by that generic rdr rule, unless you do stuff with dynamically updated tables and separate 'no rdr' rules for authenticated users.
 
Thanks Dutch. Yeah, I'll have to update the tables to allow the IP address they logged in from to bypass the server. Python will probably help here. Now I just need to figure out how to set up pf instead of ipfw.
 
To use pf with NAT can I just replace
Code:
gateway_enable="YES" 
firewall_enable="YES" 
firewall_type="OPEN" 
natd_enable="YES"
natd_interface="fxp0" 
natd_flags=""
with
Code:
gateway_enable="YES" 
pf_enable="YES"
natd_enable="YES"
natd_interface="fxp0" 
natd_flags=""
Does firewall_type="OPEN" only apply to ipfw or do I need to leave it or replace it with some pf equivalent? And what about loader.conf, what do I do about
Code:
ipfw_load="YES"
ipdivert_load="YES"
 
Remove natd. PF handles NAT itself. All firewall_*, ipfw_* and ipdivert_* type settings are unneeded as well. If your ruleset is in the default location (/etc/pf.conf), all you need is pf_enable and maybe pflog_enable (so you can troubleshoot pf rules with the log keyword).
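
The approach discussed in this thread (a generic rdr rule plus a dynamically updated table with a 'no rdr' rule for logged-in clients), as an added example that is not part of the original posts: a Python helper the login application could call after a successful login or logout. The table name `authed`, the LAN `192.168.1.0/24` and the function names are assumptions.

```python
import ipaddress
import subprocess

# Assumed names (not from the thread): table <authed>, LAN 192.168.1.0/24.
# Matching pf.conf translation rules; the first match wins, so 'no rdr'
# for authenticated clients must come before the generic rdr rule:
#   table <authed> persist
#   no rdr on $int_if inet proto tcp from <authed> to any port 80
#   rdr pass on $int_if inet proto tcp from $lan to any port 80 -> 127.0.0.1 port 8000
TABLE = "authed"
LAN = ipaddress.ip_network("192.168.1.0/24")


def table_cmd(action, client_ip):
    """Return the pfctl argv that adds or deletes one LAN host in the table.

    client_ip must be the TCP peer address the portal saw on the socket,
    never a value taken from a request header or form field.
    """
    if action not in ("add", "delete"):
        raise ValueError(f"unsupported action: {action!r}")
    addr = ipaddress.ip_address(client_ip)  # raises ValueError on junk input
    if addr not in LAN or addr in (LAN.network_address, LAN.broadcast_address):
        raise ValueError(f"{addr} is not a host on {LAN}")
    # argv list with no shell, so the address is never parsed as shell syntax
    return ["pfctl", "-t", TABLE, "-T", action, str(addr)]


def update_table(action, client_ip, run=subprocess.run):
    """Run the pfctl command (needs root on the gateway) and return its argv."""
    argv = table_cmd(action, client_ip)
    run(argv, check=True)
    return argv
```

Connections that already have a state entry when a client is deleted from the table stay open until the state expires or is killed with `pfctl -k`.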
 