26.11.2012 20:40, Leslie Jensen:
Rules from pf.conf
--------------------------------------------
# macros
ext_if="xl0"
int_if="bge0"
tcp_services="{ 22, 993, 5910:5917 }"
tcp_priv_services="{ 389, 443 }"
proxy_services = "{ 21, 80 }"
icmp_types="{ echoreq unreach squench timex }"
internal_net = "172.18.0.0/16"
proxy = "172.18.0.1"
proxyport="8021"
# tables
table <goodguys> persist
table <sshguard> persist
# options
set block-policy return # ports are closed but can be seen
set loginterface $ext_if
set skip on lo0
# scrub
scrub in
rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
# redirect www trafic to proxy
rdr on $int_if inet proto tcp from $internal_net to any port
$proxy_services -> $proxy port 8080
I could be wrong here but I think you have a loop. You are redirecting
from local interface to local interface i.e. the result of redirect is
still subject for redirect. Could you try one of the following:
1. Make this a `rdr in on $int_if`.
2. Make this a `rdr pass ... -> 127.0.0.1 port 8080`. I prefer this way
so port for transparent forwarding is unreachable except when explicitly
redirecting to it.
Personally I newer allow such ambiguity in my configs.
--
Sphinx of black quartz judge my vow.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
