On Sun, Apr 16, 2023 at 5:30 AM Charlie <[email protected]> wrote:

> I want to share the access to this proxy server on my OpenBSD machine
> with other systems in my home network. So basically what I want is to
> open a 1080 port on the OpenBSD server and redirect it to the local
> VPN address 10.64.0.1. I have been successful in doing so with the
> help of the "socat" program:
>
> $ socat tcp-listen:1080,bind=192.168.1.10,reuseaddr,fork \
>         tcp:10.64.0.1:1080
>
> I would very much like to replace the above command with pf rule(s).
> All the combinations I tried with "rdr-to", "nat-to", "divert-to",
> "synproxy state", etc. did not work. Could someone kindly point me in
> the right direction (pun intended)?
>

I suspect you need something like this:

pass in on re0 from any to (re0) port 1080 rdr-to 10.64.0.1 tag nat
pass out on wg0 nat-to (wg0) tagged nat

The first rule handles the forwarding, the second rule makes it so
that all forwards to your SOCKS proxy appear to come from your
router (which the proxy knows how to reach) rather than other
systems on your home network (which the proxy might not have
usable routes to send replies to).

PF rules automatically set up the return path when the forward
path is 'passed' so you don't need rules for those.  You do need
to have both inbound and outbound rules for the forward path to
allow a connection to get set up.

-ken
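As an added, fuller pf.conf fragment (not part of Ken's or Charlie's messages), the two rules above written out with macros and with the source restricted to the home LAN. Interface names re0 and wg0 are taken from Ken's reply; the LAN subnet 192.168.1.0/24 and the proxy address 10.64.0.1 are assumptions based on the addresses in the question. `proto tcp` is spelled out because pf's `port` keyword applies to TCP and UDP only.

```pf
# Added example (not from the thread). Assumes re0 is the LAN interface,
# wg0 is the WireGuard interface, and the SOCKS proxy listens on the
# tunnel peer at 10.64.0.1:1080.
lan_if  = "re0"
vpn_if  = "wg0"
lan_net = "192.168.1.0/24"
proxy   = "10.64.0.1"
socks   = "1080"

# Forward SOCKS connections arriving on the LAN side to the proxy behind
# the VPN. Only home-LAN sources are accepted; "from any" would also admit
# any other source able to reach re0.
pass in on $lan_if proto tcp from $lan_net to ($lan_if) port $socks \
    rdr-to $proxy tag SOCKS_FWD

# Rewrite the source to wg0's own address on the way out, so the proxy's
# replies go to the router rather than to a LAN address it cannot route.
pass out on $vpn_if proto tcp tagged SOCKS_FWD nat-to ($vpn_if)
```

Because rdr-to sends the packet to a different host, the router must have IP forwarding enabled (`sysctl net.inet.ip.forwarding=1`, and the same line in /etc/sysctl.conf to persist it). Check the syntax before loading with `pfctl -nf /etc/pf.conf`, load with `pfctl -f /etc/pf.conf`, and confirm traffic is matching with `pfctl -vsr` (rule hit counters) and `pfctl -ss` (state entries should show the LAN client, the rdr-to destination and the nat-to source).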