PF Redirect all local outbound traffic

danramosd

I've been searching high and low for days and I'm 100% stuck with PF. Essentially I want to take all of my local, outbound HTTP(S) traffic and redirect it to a local proxy on 127.0.0.1:7777. I've tried every rdr, rdr-to, nat-to, nat on combo I came across and none of them seem to work. Could someone please point me in the right direction on how to do this? What would the rules look like in my pf.conf/anchor file?
 

kpa

> I've been searching high and low for days and I'm 100% stuck with pf. Essentially I want to take all of my local, outbound HTTP/S traffic and redirect it to a local proxy on 127.0.0.1:7777. I've tried every rdr, rdr-to, nat-to, nat on combo I came across and none of them seem to work. Could someone please point me in the right direction on how to do this? What would the rules look like in my pf.conf/anchor file?

PF can not redirect traffic that originates from the host itself because the routing decision for the traffic has been already made by the time it gets to the filter. It's a FreeBSD specific limitation that does not exist on OpenBSD's PF for example.
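
For contrast with the answer above, an added example (not part of the thread) of the case where an rdr rule does apply on FreeBSD: traffic forwarded through the host from a LAN. The interface name em1 and the network 192.168.1.0/24 are assumed placeholders; 127.0.0.1 port 7777 is the proxy address from the question.

```conf
# pf.conf fragment (FreeBSD PF syntax). Added example, not from the thread.
int_if  = "em1"              # assumption: LAN-facing interface
lan_net = "192.168.1.0/24"   # assumption: constructed client network

# rdr is applied to packets as they arrive on an interface. Client
# connections from the LAN come in on $int_if, so they match here and
# are handed to the proxy listening on the loopback address.
rdr pass on $int_if inet proto tcp from $lan_net to any \
    port { 80, 443 } -> 127.0.0.1 port 7777

# Connections opened by processes on this host never arrive on $int_if.
# They are only seen on their way out, after routing has been decided,
# so the rule above does not match them. For that traffic the proxy has
# to be configured in the client (browser setting, http_proxy variable).
```

The proxy has to accept redirected (transparent) connections for this to work, and connections redirected from port 443 reach it as raw TLS.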
 
danramosd

> PF can not redirect traffic that originates from the host itself because the routing decision for the traffic has been already made by the time it gets to the filter. It's a FreeBSD specific limitation that does not exist on OpenBSD's PF for example.

Do you know of another way to redirect all my local outbound HTTP traffic?
 

storvi_net

Where does the traffic come from? Do you have to enforce this, or do you just want it?

In your browser you could set the proxy manually. In your shell you can use the variable http_proxy by setenv http_proxy 127.0.0.1:7777.

Regards,

Markus
 
danramosd

> Where does the traffic come from? Do you have to enforce this, or do you just want it?
>
> In your browser you could set the proxy manually.
> In your shell you can use the variable http_proxy by setenv http_proxy 127.0.0.1:7777
>
> Regards
> Markus

Traffic will mainly be the browser but ideally this should work with all HTTP requests. I can get the http_proxy to work with no problem, but my next issue is that this is an ad hoc network. I'm no network/system admin but from what I can tell ad hoc networks use mDNS, so the DNS lookup is skipped which leaves all HTTP requests to return 'host unknown'. Is there a relatively easy way to do this when under an ad hoc network?
 

SirDice

> I'm no network/system admin but from what I can tell ad hoc networks use mDNS, so the DNS lookup is skipped which leaves all HTTP requests to return 'host unknown'. Is there a relatively easy way to do this when under an ad hoc network?

I haven't used it myself but have a look at dns/nss_mdns.
 

gqgunhed

Just to clarify it a little bit: by saying local traffic you mean traffic originating from localhost, not traffic going through your host from the ad hoc local network, right?
 

J65nko

From Firefox you can also force the DNS requests to go through the remote proxy. You have to set this manually by typing about:config and set network.proxy.socks_remote_dns;true
 