#2, 5th March 2010
jggimi (More noise than signal)
Join Date: May 2008
Location: USA
Posts: 7,977

Your redirect rule is not working for any number of reasons. One of those possibilities is requiring DNS to be operative before your rules are loaded at boot time. Look at the output of # pfctl -s rules to see if you've got the IP address resolved after a standard boot. Depending on how DNS is configured in your environment, this could be a problem.

Another possibility is that you have not enabled IPv4 packet forwarding. It's a sysctl.

I also note you are using an external IP address instead of 127.0.0.1 for your redirect. While it may work with a NIC address, you will gain greater efficiencies through the loopback interface.

Here's a real world example that only permits authenticated WiFi users (authpf, IPSec, or in a table of guest users) to go on the web. Everyone else gets a page delivered from a virtual host on the webserver with an unauthorized usage message. The syntax is a little different as this is -current:
Code:
# redirect unauthorized IP users to a local web page.  This includes both
# the approved addresses in tables, as well as IPSec traffic.
#
pass log quick proto tcp from {<authpf_users> <guests> <wired>} to any port www
pass log quick proto tcp from any to any port www tagged ipsec
pass in log quick proto tcp from $internal_net to any port www \
    rdr-to 127.0.0.1 port 8080
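As an added example (not the poster's configuration), here is a complete minimal pf.conf in the same -current syntax that puts those three rules in context: the table definitions, the forwarding sysctl the post mentions, and the loopback redirect. Interface names, addresses, file paths, the port 8080 listener and the enc0 rules that apply the ipsec tag (not shown) are assumptions.

```pf
# Added example, not the poster's own config: minimal pf.conf in
# OpenBSD -current (post-4.7) syntax. Interface names, addresses and
# file paths are hypothetical.

ext_if       = "em0"              # hypothetical uplink
int_if       = "athn0"            # hypothetical WiFi interface
internal_net = "192.168.10.0/24"

# authpf(8) adds a logged-in client's address to <authpf_users> itself;
# the other two tables are loaded from files so they survive a reload.
table <authpf_users> persist
table <guests> persist file "/etc/pf.guests"
table <wired>  persist file "/etc/pf.wired"

# Forwarding is a sysctl, not a pf setting: without
#   net.inet.ip.forwarding=1   (in /etc/sysctl.conf)
# nothing from the LAN is routed, whatever the rules below say.

set skip on lo0
block log all

# Masquerade LAN clients leaving the uplink; later rules see the
# translated source, so the pass out rule carries no source address.
match out on $ext_if inet from $internal_net nat-to ($ext_if)
pass out on $ext_if

# Approved sources reach the web directly. IPsec traffic is assumed
# to be tagged "ipsec" by rules on enc0 (not shown here).
pass log quick proto tcp from { <authpf_users> <guests> <wired> } to any port www
pass log quick proto tcp from any to any port www tagged ipsec

# Everyone else on the LAN: rewrite the destination to the loopback
# address, where httpd serves the "unauthorized usage" virtual host
# on port 8080. The rdr-to rule also passes the packet.
pass in log quick on $int_if proto tcp from $internal_net to any port www \
    rdr-to 127.0.0.1 port 8080

# Name resolution and the ssh login that authpf needs still have to work.
pass in on $int_if proto { tcp udp } from $internal_net to any port domain
pass in on $int_if proto tcp from $internal_net to ($int_if) port ssh
```

Check the result with `pfctl -nf /etc/pf.conf` before loading, and compare `pfctl -s rules` after a reboot to confirm every name in the ruleset resolved at boot.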