Good news is I have some progress and it seems to work like this:

# Begin NAT & RDR rules
# For the dns jail
nat on $JaIf proto {tcp,udp} from !($JaIf) to $JaIf port domain tag NAT_DNS -> $jdns port domain
nat on $JaIf proto {tcp,udp} from $jdns to !($JaIf) port domain tag NAT_DNS -> $JaIf port domain

# For the privoxy jail
nat on $JaIf proto tcp from !($JaIf) to $JaIf port 8118 tag NAT_PRVX -> $jprvx port 8118
nat on $JaIf proto tcp from $jprvx to !($JaIf) port 80 tag NAT_PRVX -> $JaIf port 80

Now the bad news:

1. "nat pass in/out quick on <interface>" gives syntax error - probably my misunderstanding of your message content

2. Unless the client's /etc/resolv.conf for dns and proxy settings from browser are changed, packets are not "forced" into the jailed proxy structure. I will have to place pass/block filters on ExtIf, and each client will have to make adjustment to their machine. I don't get a "silent redirect" for these packets, UNLESS I tested incorrectly.

Regards.

-----
FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS
--
View this message in context: http://freebsd.1045724.n5.nabble.com/NAT-RDR-rules-for-jailed-proxy-services-tp5869777p5870346.html
Sent from the freebsd-pf mailing list archive at Nabble.com.