FreeBSD 9.2
I am running a proxy server made with node.js that will handle a few websocket applications I am creating. With node, you can run the server as a normal user as long as the port is not 80; otherwise you need to run it as root. I would like to redirect incoming port 80 traffic to localhost:8080 so that way I can avoid running the application as root for security purposes (or my perceived security of running applications as a user to avoid root). I tried to look into the solution but have become more confused about how to, or if it is even possible to, do what I want with PF. I am not even sure if I need to enable a gateway for this to work. Below is where I am at with my PF configuration.
/etc/pf.conf modified example shipped with FreeBSD 9.2
Code:
# $FreeBSD: release/9.2.0/share/examples/pf/pf.conf 218854 2011-02-19 14:57:00Z brucec $
# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
########MACROS#######
ext_if="em0"
tcp_services="{ ssh www imaps }"
udp_services="{ imaps }"
set skip on lo
scrub in
#nat on $ext_if from !($ext_if) -> ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#no rdr on $ext_if proto tcp from <spamd-white> to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
# -> 127.0.0.1 port spamd
block in
pass out
pass in on $ext_if proto tcp to ($ext_if) port $tcp_services
pass in log on $ext_if proto tcp to ($ext_if) port smtp
pass out log on $ext_if proto tcp from ($ext_if) to port smtp
pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }
/etc/rc.conf
Code:
hostname="tyr.coleburt.com"
ifconfig_em0="DHCP"
ifconfig_em0_ipv6="inet6 accept_rtadv"
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_flags="" # additional flags for pfctl startup
pflog_enable="YES" # start pflogd(8)
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags=""
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
apache24_enable="YES"
mysql_enable="YES"
inetd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"
dovecot_enable="YES"
openntpd_enable="YES"
openntpd_flags="-s"
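Added example, not part of the original post: a minimal /etc/pf.conf showing the redirect the post asks for. It assumes em0 is the external interface (as in the posted rc.conf) and that the node proxy listens on 127.0.0.1:8080; the macro name web_port is mine. No gateway and no net.inet.ip.forwarding are needed, because after the rewrite the packet's destination is an address of the host itself, not another machine.

```pf
# Added example (not the original poster's config): redirect inbound
# TCP port 80 on em0 to a node.js proxy on 127.0.0.1:8080.
# Assumptions: em0 is the external interface; node binds 127.0.0.1:8080.

ext_if="em0"
web_port="8080"                       # assumed local port of the node proxy
tcp_services="{ ssh imaps }"          # "www" removed: port 80 is handled by rdr

set skip on lo
scrub in

# Translation rules must precede filter rules in the PF shipped with
# FreeBSD 9.2. "rdr pass" rewrites the destination AND passes the rewritten
# packet (creating state), so the default "block in" below does not drop it.
# "inet" limits this to IPv4; IPv6 port 80 stays blocked unless a separate
# rule to ::1 is added.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 80 \
    -> 127.0.0.1 port $web_port

block in
pass out

# Remaining filter rules. The old "www" entry in $tcp_services would no
# longer match anyway: by the time filtering runs, the destination of a
# redirected packet is 127.0.0.1:8080, not ($ext_if):80.
pass in on $ext_if proto tcp to ($ext_if) port $tcp_services
pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }

# Check syntax without loading:      pfctl -nf /etc/pf.conf
# Load the ruleset:                  pfctl -f /etc/pf.conf
# Confirm the rdr rule is installed: pfctl -s nat
# Watch a live connection:           pfctl -s state | grep 8080
```

Two caveats a practitioner will hit. First, test from another host: a connection from the box to its own address goes over lo0, which `set skip on lo` exempts, so the rdr never fires locally. Second, the posted rc.conf has apache24_enable="YES"; if that Apache is bound to port 80 (an assumption, not stated in the post), the rdr silently steers all external port 80 traffic to node and away from Apache, so either move Apache off port 80 or only redirect for specific destination addresses. Binding node to 127.0.0.1 rather than all addresses is worth doing as well, so that only traffic that passed through the rdr rule can reach it, independent of the filter rules.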