PF Redirect all traffic from ip to another

Hi,
I need to redirect all traffic from a private IP address attested on a local interface to a public IP address.

The old configuration with iptables is something like this:

Code:
iptables:-A PREROUTING -d $private_ip/32 -i $int_if -j DNAT --to-destination $public_ip
iptables:-A PREROUTING ! -d $private_ip/30 -i $int_if -p tcp -m tcp --dport 80 -j NOTRACK

I've tried something with rdr in the pf configuration, but it won't work:

Code:
rdr pass log proto {tcp udp} from any to any port 1:10000 -> $public_ip
pass out quick log proto {tcp udp} from any to $public_ip flags S/SA keep state

Can someone help me?
 
Note:
Code:
     Translation rules apply only to packets that pass through the specified
     interface, and if no interface is specified, translation is applied to
     packets on all interfaces.  For instance, redirecting port 80 on an
     external interface to an internal web server will only work for
     connections originating from the outside.  Connections to the address of
     the external interface from local hosts will not be redirected, since
     such packets do not actually pass through the external interface.
     Redirections cannot reflect packets back through the interface they
     arrive on, they can only be redirected to hosts connected to different
     interfaces or to the firewall itself.
From pf.conf(5).
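
For reference, the iptables DNAT rule from the first post written as an interface-scoped rdr, in the older rdr/nat syntax this thread uses. This is an added example, not a rule from any poster or from pf.conf(5); the interface names and addresses are constructed placeholders, and it assumes $public_ip is reached through a different interface than the one the packets arrive on, as the quoted passage requires.

```pf
# Constructed placeholder values (assumptions, not taken from the thread)
int_if     = "em1"             # interface the clients are attached to
ext_if     = "em0"             # interface facing $public_ip
private_ip = "192.168.1.254"   # address the clients connect to
public_ip  = "203.0.113.10"    # real destination (documentation range)

# Source-translate the redirected flows so replies return through this box.
nat on $ext_if inet from $int_if:network to $public_ip -> ($ext_if)

# Rewrite only packets that arrive on $int_if AND are addressed to
# $private_ip. A rule with no "on" and "to any" applies on every
# interface and to every destination, which is far broader than the
# single-address DNAT being replaced.
rdr on $int_if inet from any to $private_ip -> $public_ip

# Filter rules are evaluated after translation, so they match the
# rewritten destination, not $private_ip.
pass in  on $int_if inet from $int_if:network to $public_ip keep state
pass out on $ext_if inet from any to $public_ip keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the rules go live.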
 
OK, I'm not sure I completely understand what you mean, but if I'm not wrong, I can't do this thing with pf. Maybe I can try with redir?
 
Do you mean all traffic from the internal machine should appear to come from a specific public IP? NAT?

Code:
# pf.conf macros are defined without the leading "$"; it is used only when referencing them
extIf="em0"
myHost="192.168.1.1"
externIp="n.n.n.n"

nat on $extIf from $myHost to any -> $externIp
 
NAT can be the solution. Tomorrow I'll try. Thanks in advance.
 