Difference between revisions of "Stupid pf tricks"
Jump to navigation
Jump to search
(add redirect-on-bridge(4)-untagging-and-retagging-vlans-on-the-way example (magic)) |
m (→Redirecting on a bridge(4) untagging/retagging VLANs on the way: -- oops, remove tiny screwups) |
||
Line 40: | Line 40: | ||
table <customer> { 10.70.0.0/29 } | table <customer> { 10.70.0.0/29 } | ||
− | no rdr on $ | + | no rdr on $wan_if inet proto tcp from $localhost to any port 80 |
− | rdr | + | rdr inet proto tcp from any to any port 80 -> ($wan_if) port 8008 |
pass in quick on $vlan_if route-to ( lo0 127.0.0.1 ) proto tcp from <customer> to ($wan_if) port 8008 | pass in quick on $vlan_if route-to ( lo0 127.0.0.1 ) proto tcp from <customer> to ($wan_if) port 8008 |
Revision as of 16:28, 5 October 2007
"pf proxy"
(Customer) <--> [E](pf proxy)[I] <--> (Destination:D)
- Note.. this is awful. You've been warned.
- E: "ext_if", customer-facing interface, IP: 1.2.3.4
- I: "int_if", destination-facing interface, IP: 2.3.4.5
- D: destination IP: 5.6.7.8
ext_if="fxp0" int_if="fxp1" dest_real="5.6.7.8" dest_fake="2.3.4.5" rdr on $ext_if from any to $dest_fake -> $dest_real nat on $int_if from any to $dest_real -> ($int_if)
ORDER OF rdr/nat RULES IS IMPORTANT, SOMEHOW.
Redirecting on a bridge(4) untagging/retagging VLANs on the way
- fxp0: LAN-facing
- fxp1: WAN-facing, valid ("routable") IP: 10.80.0.2/24
- vlan150: vlan 50 vlandev fxp0, no IP
- vlan250: vlan 50 vlandev fxp1, no IP
- bridge0: (vlan150, vlan250)
- Ruleset:
lan_if="fxp0" wan_if="fxp1" vlan_if="vlan150" localhost="10.80.0.2" table <customer> { 10.70.0.0/29 } no rdr on $wan_if inet proto tcp from $localhost to any port 80 rdr inet proto tcp from any to any port 80 -> ($wan_if) port 8008 pass in quick on $vlan_if route-to ( lo0 127.0.0.1 ) proto tcp from <customer> to ($wan_if) port 8008