Difference between revisions of "Stupid pf tricks"
(add pf proxy) |
(add redirect-on-bridge(4)-untagging-and-retagging-vlans-on-the-way example (magic)) |
Line 5: | Line 5: | ||
</nowiki> | </nowiki> | ||
+ | * Note.. this is awful. You've been warned. | ||
* E: "ext_if", customer-facing interface, IP: 1.2.3.4 | * E: "ext_if", customer-facing interface, IP: 1.2.3.4 | ||
* I: "int_if", destination-facing interface, IP: 2.3.4.5 | * I: "int_if", destination-facing interface, IP: 2.3.4.5 | ||
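Review bot: the new bullet says the setup is awful but not why, which is what a reader deciding whether to copy it needs; one concrete line would do, e.g. that the `nat on $int_if ... -> ($int_if)` rule further down rewrites every customer's source address to the proxy's own, so D only ever sees the proxy and cannot tell clients apart in its logs.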
Line 19: | Line 20: | ||
'''ORDER OF rdr/nat RULES IS IMPORTANT, SOMEHOW.''' | '''ORDER OF rdr/nat RULES IS IMPORTANT, SOMEHOW.''' | ||
+ | |||
+ | |||
+ | == Redirecting on a bridge(4) untagging/retagging VLANs on the way == | ||
+ | |||
+ | * fxp0: LAN-facing | ||
+ | * fxp1: WAN-facing, valid ("routable") IP: 10.80.0.2/24 | ||
+ | * vlan150: vlan 50 vlandev fxp0, no IP | ||
+ | * vlan250: vlan 50 vlandev fxp1, no IP | ||
+ | * bridge0: (vlan150, vlan250) | ||
+ | |||
+ | * Ruleset: | ||
+ | |||
+ | lan_if="fxp0" | ||
+ | wan_if="fxp1" | ||
+ | vlan_if="vlan150" | ||
+ | |||
+ | localhost="10.80.0.2" | ||
+ | |||
+ | table <customer> { 10.70.0.0/29 } | ||
+ | |||
+ | no rdr on $wan_____if inet proto tcp from $localhost to any port 80 | ||
+ | rdr on $vlan_if inet proto tcp from any to any port 80 -> ($wan_if) port 8008 | ||
+ | |||
+ | pass in quick on $vlan_if route-to ( lo0 127.0.0.1 ) proto tcp from <customer> to ($wan_if) port 8008 |
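Review bot: `$wan_____if` in the `no rdr` line references a macro that is never defined (only `wan_if` is), so pfctl will reject the whole file at load time; it should read `no rdr on $wan_if inet proto tcp from $localhost to any port 80`. The `pass in quick ... route-to ( lo0 127.0.0.1 )` rule is the actual trick here and deserves a comment: vlan150 is a bridge member with no address, so that route-to is what hands the redirected flow to the local listener on 8008 instead of letting the bridge forward it on.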
Revision as of 16:26, 5 October 2007
"pf proxy"
(Customer) <--> [E](pf proxy)[I] <--> (Destination:D)
- Note.. this is awful. You've been warned.
- E: "ext_if", customer-facing interface, IP: 1.2.3.4
- I: "int_if", destination-facing interface, IP: 2.3.4.5
- D: destination IP: 5.6.7.8
  ext_if="fxp0"
  int_if="fxp1"
  dest_real="5.6.7.8"
  dest_fake="2.3.4.5"

  rdr on $ext_if from any to $dest_fake -> $dest_real
  nat on $int_if from any to $dest_real -> ($int_if)
ORDER OF rdr/nat RULES IS IMPORTANT, SOMEHOW.
Redirecting on a bridge(4) untagging/retagging VLANs on the way
- fxp0: LAN-facing
- fxp1: WAN-facing, valid ("routable") IP: 10.80.0.2/24
- vlan150: vlan 50 vlandev fxp0, no IP
- vlan250: vlan 50 vlandev fxp1, no IP
- bridge0: (vlan150, vlan250)
- Ruleset:
  lan_if="fxp0"
  wan_if="fxp1"
  vlan_if="vlan150"

  localhost="10.80.0.2"

  table <customer> { 10.70.0.0/29 }

  # keep the box's own outbound port-80 traffic out of the redirect
  no rdr on $wan_if inet proto tcp from $localhost to any port 80
  # customer port-80 traffic arriving on the bridge member goes to the local listener on 8008
  rdr on $vlan_if inet proto tcp from any to any port 80 -> ($wan_if) port 8008

  # vlan150 has no address, so route-to lo0 is what delivers the redirected flow locally instead of bridging it on
  pass in quick on $vlan_if route-to ( lo0 127.0.0.1 ) proto tcp from <customer> to ($wan_if) port 8008
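Both rulesets on this page depend on two pfctl behaviours the text only hints at: a reference to a macro that was never defined (the `$wan_____if` slip in the bridge ruleset as first committed) makes pfctl reject the whole file, and translation rules (the separate nat/rdr rules of the pf of that era) are first-match, which is why their order matters. What follows is an added example, not part of the wiki page and not pfctl code: a small Python checker that expands macros the way pfctl does, flags undefined ones, and evaluates a first-match rdr lookup for a sample packet. It handles only the syntax subset used on this page (quoted macros, one-line tables, `rdr`/`no rdr`); `PROXY_CONF` and `BRIDGE_CONF` are the page's two rulesets embedded as constructed inputs, and the `EXEMPT`/`REDIR` pair is a constructed illustration of the ordering point, not from the page.

```python
"""Hypothetical pf.conf macro/rdr checker (added example, not pfctl).

Covers only the syntax used in the rulesets above.  pfctl -nf is the
real authority; this just makes two of its behaviours visible offline:
undefined macros are fatal, and rdr / no rdr rules are first-match.
"""
import ipaddress
import re

MACRO_DEF = re.compile(r'^(\w+)\s*=\s*"([^"]*)"\s*$')
TABLE_DEF = re.compile(r'^table\s+<(\w+)>\s*\{([^}]*)\}\s*$')
MACRO_REF = re.compile(r'\$(\w+)')
RDR_RULE = re.compile(
    r'^(?P<no>no\s+)?rdr\s+on\s+(?P<ifc>\S+)(?:\s+inet)?'
    r'(?:\s+proto\s+(?P<proto>\w+))?\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)'
    r'(?:\s+port\s+(?P<port>\d+))?'
    r'(?:\s+->\s+(?P<tgt>\S+)(?:\s+port\s+(?P<tport>\d+))?)?\s*$')


def expand(conf):
    """Return (rules, tables, errors): rules with $macros substituted,
    tables as ip_network lists, and one error per undefined macro."""
    macros, tables, rules, errors = {}, {}, [], []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = MACRO_DEF.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        t = TABLE_DEF.match(line)
        if t:
            tables[t.group(1)] = [ipaddress.ip_network(a) for a in t.group(2).split()]
            continue

        def sub(ref):
            name = ref.group(1)
            if name not in macros:
                errors.append(f"line {lineno}: macro '{name}' not defined")
                return ref.group(0)           # leave the reference in place
            return macros[name]
        rules.append(MACRO_REF.sub(sub, line))
    return rules, tables, errors


def addr_matches(spec, addr, tables):
    """'any', a <table> name, or a host/CIDR literal."""
    if spec == 'any':
        return True
    ip = ipaddress.ip_address(addr)
    if spec.startswith('<') and spec.endswith('>'):
        return any(ip in net for net in tables[spec[1:-1]])
    return ip in ipaddress.ip_network(spec, strict=False)


def first_match_rdr(rules, tables, ifc, proto, src, dst, dport):
    """First matching rdr / no rdr decides: (target, port) for a redirect,
    None when a 'no rdr' wins or nothing applies.  Non-rdr lines are skipped."""
    for rule in rules:
        m = RDR_RULE.match(rule)
        if not m or m['ifc'] != ifc:
            continue
        if m['proto'] and m['proto'] != proto:
            continue
        if m['port'] and int(m['port']) != dport:
            continue
        if not (addr_matches(m['src'], src, tables)
                and addr_matches(m['dst'], dst, tables)):
            continue
        if m['no']:
            return None
        return m['tgt'], int(m['tport']) if m['tport'] else dport
    return None


def lookup(conf, ifc, proto, src, dst, dport):
    rules, tables, errors = expand(conf)
    if errors:
        raise ValueError('; '.join(errors))
    return first_match_rdr(rules, tables, ifc, proto, src, dst, dport)


# Constructed inputs: the page's two rulesets, the bridge one with its
# '$wan_____if' typo left in so the checker has something to catch.
PROXY_CONF = """\
ext_if="fxp0"
int_if="fxp1"
dest_real="5.6.7.8"
dest_fake="2.3.4.5"
rdr on $ext_if from any to $dest_fake -> $dest_real
nat on $int_if from any to $dest_real -> ($int_if)
"""
BRIDGE_CONF = """\
lan_if="fxp0"
wan_if="fxp1"
vlan_if="vlan150"
localhost="10.80.0.2"
table <customer> { 10.70.0.0/29 }
no rdr on $wan_____if inet proto tcp from $localhost to any port 80
rdr on $vlan_if inet proto tcp from any to any port 80 -> ($wan_if) port 8008
pass in quick on $vlan_if route-to ( lo0 127.0.0.1 ) proto tcp from <customer> to ($wan_if) port 8008
"""
BRIDGE_FIXED = BRIDGE_CONF.replace('$wan_____if', '$wan_if')

# Constructed pair: same two rules on one interface; only the first ordering
# actually exempts the host's own traffic, because the first match wins.
EXEMPT = 'no rdr on fxp1 proto tcp from 10.80.0.2 to any port 80'
REDIR = 'rdr on fxp1 proto tcp from any to any port 80 -> 127.0.0.1 port 8008'
ORDER_GOOD = EXEMPT + '\n' + REDIR + '\n'
ORDER_BAD = REDIR + '\n' + EXEMPT + '\n'

if __name__ == '__main__':
    print(expand(BRIDGE_CONF)[2])
    print(lookup(BRIDGE_FIXED, 'vlan150', 'tcp', '10.70.0.3', '192.0.2.10', 80))
    print(lookup(ORDER_GOOD, 'fxp1', 'tcp', '10.80.0.2', '192.0.2.10', 80))
    print(lookup(ORDER_BAD, 'fxp1', 'tcp', '10.80.0.2', '192.0.2.10', 80))
```

Running it as a script prints the undefined-macro error for the bridge ruleset as first committed, the `('(fxp1)', 8008)` redirect a customer's port-80 packet on vlan150 gets once the typo is fixed, `None` for the well-ordered pair, and the unwanted `('127.0.0.1', 8008)` for the reversed pair. On the host itself, `pfctl -nf pf.conf` is the check to run before loading; this script only reproduces the two behaviours it relies on.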