[Solved] Redirection rules arguments

Hello

I have been using FreeBSD for a long time on 2 important machines at my work (the firewall and the gateway).

I have not found a solution.
I want to create rules like this:
Code:
rdr pass log(all) proto tcp from $computer1 to { !$LAN1 AND !$LAN2 } port 80 -> $PROXY port 3128

But I can't find a way to express the AND in pf syntax. Is it possible?

I want to redirect all traffic from COMPUTER1 to the PROXY machine except the requests for LAN1 or LAN2.
Do you have a solution?

Thank you for your help
 
Thank you for your response

It doesn't work

Code:
rdr pass log(all) proto tcp from { 192.168.8.10 } to ! { $LAN_CHE $LAN_EXT } port 443 -> 127.0.0.1 port 3129

When I restart pf:
Code:
Enabling /pf.conf:88: syntax error
pfctl: Syntax error in config file: pf rules not loaded

Line 88 is this rule line
 
You're missing a comma: { $LAN_CHE, $LAN_EXT }

Pro tip: Check the syntax before loading your rules: pfctl -nf /etc/pf.conf
 
It's the same result:

Code:
rdr pass log(all) proto tcp from { 192.168.8.10 } to ! {$LAN_CHE, $LAN_EXT} port 443 -> 127.0.0.1 port 3129
pfctl -nf pf.conf
pf.conf:88: syntax error

The only syntax that is accepted is:

Code:
rdr pass log(all) proto tcp from { 192.168.8.10 } to  {!$LAN_CHE, !$LAN_EXT} port 443 -> 127.0.0.1 port 3129

but that isn't the right rule.
Is it possible to create the rule that I need?

PS : FreeBSD 10.4-RELEASE-p8
 
You want:

Code:
no rdr proto tcp from { 192.168.8.10 } to  {$LAN_CHE $LAN_EXT} port 443
rdr pass log(all) proto tcp from { 192.168.8.10 } to  any port 443 -> 127.0.0.1 port 3129

The no rdr rule is similar to a ‘quick’ — as soon as it matches, it skips the rest of the rdr rules.
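The same exception-first pattern written out as a complete pf.conf fragment, as an added example rather than text from anyone in this thread; the interface name, the macro values for the two exempt networks and the port 80 redirect are assumptions.

```pf
# Added example, not from the thread. Interface name, network macros and the
# port 80 line are assumptions; replace them with your own values.
int_if    = "em1"             # interface where computer1's traffic arrives
computer1 = "192.168.8.10"
proxy     = "127.0.0.1"       # proxy listening on the firewall itself
LAN_CHE   = "192.168.8.0/24"  # assumed values for the two exempt networks
LAN_EXT   = "10.20.0.0/16"

# Exception first: connections from computer1 to the exempt networks are left
# alone. 'no rdr' ends rdr evaluation for a matching packet, so it must come
# before the redirect it is meant to override.
no rdr on $int_if proto tcp from $computer1 to { $LAN_CHE, $LAN_EXT } port { 80, 443 }

# Everything else from computer1 on those ports goes to the local proxy.
# 'pass' lets redirected packets bypass the filter rules; 'log(all)' logs every
# packet of a connection, not only the first, so expect a busy pflog.
rdr pass log(all) on $int_if proto tcp from $computer1 to any port 80  -> $proxy port 3128
rdr pass log(all) on $int_if proto tcp from $computer1 to any port 443 -> $proxy port 3129

# Check the syntax before loading, then confirm what the kernel actually holds:
#   pfctl -nf /etc/pf.conf
#   pfctl -sn
```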
 