View Single Post
  #3   (View Single Post)  
Old 19th June 2019
junk's Avatar
junk junk is offline
Port Guard
 
Join Date: Jun 2018
Posts: 12
Default

I've tested both, here's the output:

Code:
pass in on $int_if1 inet proto tcp from $client to $int_if1 port 8080 rdr-to $server port 80 no state
pass out on $int_if1 inet proto tcp to $server port 80 received-on $int_if1 nat-to $int_if2

test# pfctl -nf /etc/pf.conf
/etc/pf.conf:1: nat-to and rdr-to require keep state
/etc/pf.conf:1: skipping rule due to errors
/etc/pf.conf:1: rule expands to no valid combination
Code:
pass in on $int_if1 inet proto tcp from $client to $int_if1 port 8080 rdr-to $server port 80
match out on $int_if1 inet proto tcp to $server port 80 nat-to $int_if2

test# tcpdump -n -i re1 port 80
tcpdump: listening on rl1, link-type EN10MB
00:48:26.814606 192.168.0.3.32836 > 192.168.1.2.80: S 2731610042:2731610042(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 2862910124 0>
00:48:27.086607 192.168.0.3.5015 > 192.168.1.2.80: S 3391433507:3391433507(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 3308540081 0>
00:48:31.621346 192.168.0.3.16056 > 192.168.1.2.80: S 1418429462:1418429462(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 1283736596 0>
00:48:31.875904 192.168.0.3.20977 > 192.168.1.2.80: S 840544532:840544532(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 1452155539 0>
Reply With Quote