PF redirect to another IP on LAN

2006-07-29 Thread elaconta.com Webmaster
Hi

I've just successfully configured an OpenBSD bridge with two NICs to
separate and filter traffic between our private LAN (192.168.1.0/24) and
our router (192.168.1.120).
I've given an IP address to one of the NICs (192.168.1.121) on the
bridge and am running a Bind caching nameserver on it. Now, the next
thing we'd need to do would be to redirect any traffic that comes
through the bridge destined to IP address 192.168.1.121 port 80 to
another server in the LAN (192.168.1.103 port 80).
From what I understand, this entails using PF and the rdr statement. Any
ideas on how to do this successfully? Thanks.

--
Elaconta.com webmaster
--



Re: PF redirect to another IP on LAN

2006-07-29 Thread Peter Blair

man pf.conf

Secondly, it's been discussed numerous times on the list that bridges
have their place (I use them in production environments at our data
centre) but you'll find filtering a bridge much more difficult than
filtering a NAT.

On 7/29/06, elaconta.com Webmaster [EMAIL PROTECTED] wrote:

> Hi
>
> I've just successfully configured an OpenBSD bridge with two NICs to
> separate and filter traffic between our private LAN (192.168.1.0/24) and
> our router (192.168.1.120).
> I've given an IP address to one of the NICs (192.168.1.121) on the
> bridge and am running a Bind caching nameserver on it. Now, the next
> thing we'd need to do would be to redirect any traffic that comes
> through the bridge destined to IP address 192.168.1.121 port 80 to
> another server in the LAN (192.168.1.103 port 80).
> From what I understand, this entails using PF and the rdr statement. Any
> ideas on how to do this successfully? Thanks.
>
> --
> Elaconta.com webmaster
> --




Re: PF redirect to another IP on LAN

2006-07-29 Thread elaconta.com Webmaster
Peter Blair wrote:
> man pf.conf
>
> Secondly, it's been discussed numerous times on the list that bridges
> have their place (I use them in production environments at our data
> centre) but you'll find filtering a bridge much more difficult than
> filtering a NAT.
>
> On 7/29/06, elaconta.com Webmaster [EMAIL PROTECTED] wrote:
> > Hi
> >
> > I've just successfully configured an OpenBSD bridge with two NICs to
> > separate and filter traffic between our private LAN (192.168.1.0/24) and
> > our router (192.168.1.120).
> > I've given an IP address to one of the NICs (192.168.1.121) on the
> > bridge and am running a Bind caching nameserver on it. Now, the next
> > thing we'd need to do would be to redirect any traffic that comes
> > through the bridge destined to IP address 192.168.1.121 port 80 to
> > another server in the LAN (192.168.1.103 port 80).
> > From what I understand, this entails using PF and the rdr statement. Any
> > ideas on how to do this successfully? Thanks.
> >
> > --
> > Elaconta.com webmaster
> > --




Wouldn't this do the trick?

rdr on rl1 proto tcp from any to 192.168.1.121 port 80 -> 192.168.1.103

This bridge has IP address 192.168.1.121 configured on one of the NICs,
so isn't the above like saying:

Redirect any port 80 traffic originally meant for me to 192.168.1.103

Or is there something I'm not considering here?

--
Elaconta.com webmaster
--



Re: PF redirect to another IP on LAN

2006-07-29 Thread Kian Mohageri
> Wouldn't this do the trick?
>
> rdr on rl1 proto tcp from any to 192.168.1.121 port 80 -> 192.168.1.103
>
> Redirect any port 80 traffic originally meant for me to 192.168.1.103



Yes, but why are you asking if you already have the answer?  As stated in
the man page, your traffic will also need to pass filter evaluation AFTER
the redirect rule is processed.  Can't you just test that line?

Kian
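
Added example, not part of the original thread or written by any of its participants: a pf.conf fragment in the pre-4.7 `rdr` syntax the thread uses, showing the point about filter evaluation happening after the redirect. The macro names and the default-deny policy on rl1 are assumptions; the interface and addresses are the ones given in the thread.

```conf
# Constructed pf.conf fragment (old rdr syntax, as used in the thread).
# Macro names are illustrative; addresses and rl1 come from the thread.
bridge_addr = "192.168.1.121"   # address configured on the bridge NIC
web_server  = "192.168.1.103"   # LAN web server that should get the traffic

# --- translation section (must come before the filter rules) ---
rdr on rl1 proto tcp from any to $bridge_addr port 80 -> $web_server port 80

# --- filter section ---
# Assumed policy: default deny for traffic entering on rl1.
block in log on rl1 all

# This rule does NOT match the redirected connection: translation runs
# first, so the filter sees the destination already rewritten to
# $web_server, not $bridge_addr.
# pass in on rl1 proto tcp from any to $bridge_addr port 80 flags S/SA keep state

# This rule matches, because it is written against the
# post-translation destination.
pass in on rl1 proto tcp from any to $web_server port 80 flags S/SA keep state

# Alternative: "rdr pass" lets packets matching the translation rule
# through without consulting the filter rules at all. It is shorter, but
# the redirected traffic then bypasses the block/pass policy above.
# rdr pass on rl1 proto tcp from any to $bridge_addr port 80 -> $web_server port 80
```

`pfctl -nf /etc/pf.conf` parses the file without loading it; after loading, `pfctl -sn` lists the translation rules and `pfctl -ss` shows the state entries created by redirected connections.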



Re: PF redirect to another IP on LAN

2006-07-29 Thread elaconta.com Webmaster
Kian Mohageri wrote:
> > Wouldn't this do the trick?
> >
> > rdr on rl1 proto tcp from any to 192.168.1.121 port 80 -> 192.168.1.103
> >
> > Redirect any port 80 traffic originally meant for me to 192.168.1.103
>
> Yes, but why are you asking if you already have the answer?  As stated in
> the man page, your traffic will also need to pass filter evaluation AFTER
> the redirect rule is processed.  Can't you just test that line?
>
> Kian

If I knew that was the correct answer, of course I wouldn't have asked
:) As for passing the filter evaluation, I'll disable the PF filters and
test just this redirecting rule then.

Thanks.

-
Elaconta.com webmaster
-