I want to redirect locally originated packets from the external interface to the lo0 interface (with port redirection), and then proxy the new connection from lo0 out of the external interface.
Specifically, I want locally originated packets going to port 80 to go to the lo0 interface, port 8080. The proxy at 8080 should then connect to the original IP, port 80.
For some reason it's proving to be harder than it should be. The rules:
Code:
rdr on lo0 proto tcp to port 80 -> lo0 8080
pass out on $ext_if route-to (lo0 127.0.0.1) proto tcp from $ext_if to port 80
The idea is to force reentry on lo0 and do redirection.
tcpdump shows the same packet looping until the TTL expires. I don't see redirection to port 8080.
What's missing? I can do this with iptables.
edit: This belongs to *firewalls* section, sorry.