OpenBSD Security Functionally paranoid! |
No redirection pass with one interface?
Hi,
I'm doing some tests with my VirtualBox machine. I use a virtual machine with only one interface (I use OpenBSD 4.6). I try to redirect all web pages to my website, but my "rdr pass on ..." doesn't work. Perhaps it works with more than one interface? When I do pfctl -nf /etc/pf.conf: no errors. I can go to my website, ping works. But redirection doesn't work: for example, when I type "lynx www.google.fr", it doesn't send me to my website. Can you help me? Here is my pf ruleset:
Code:
me="egress:network"
mywebsite="www.mywebsite.com"

set skip on lo
# posted as "set drop policy drop", which pfctl does not accept;
# "set block-policy drop" is the option that exists and is assumed to be meant
set block-policy drop

# posted as "match in scrub all (...)"; pf.conf(5) in 4.6 puts the host
# spec ("all") before the scrub options
match in all scrub (no-df max-mss 1440)

# redirect outbound web traffic that is not already going to $mywebsite
rdr pass on egress proto tcp from $me to ! $mywebsite \
    port 80 -> $mywebsite port 80

block log all
pass out on egress proto icmp all icmp-type { echoreq unreach }
pass out on egress proto tcp from $me to $mywebsite port 80
Last edited by Simon; 5th March 2010 at 06:23 PM. Reason: more info
IPv4 forwarding is not enabled in my sysctl config; I use only one interface, so it is not necessary to enable that.
With pfctl -s rules I can see my public IP address in the rules. But my redirection still doesn't work.
The section of the PF FAQ on Redirection and Reflection says (highlight mine):
Quote:
If both of those things do not help, then your next step is to trace your rules with tcpdump(8) and pflog(4), as described in the PF FAQ's chapter on logging.
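One way to carry out the tcpdump/pflog trace recommended above, as an added example that is not part of the thread or of the PF FAQ: it reads `tcpdump -n -e -ttt -i pflog0` output, counts the logged packets per rule number, direction and destination port, and looks each rule number up in `pfctl -vvsr` output, whose `@N` numbering is what the `rule N/(match)` entries in pflog refer to. Both inputs here are constructed samples (the interface vic0 and all addresses are made up), and the function names pflog_summary, rule_text and explain_pflog are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread or from the PF FAQ.
# Correlates the "rule N/(match) ..." entries that tcpdump(8) prints for
# pflog(4) with the "@N" rule numbers that `pfctl -vvsr` prints, so a
# logged block can be tied to the rule that produced it.
#
# On a live OpenBSD box the two inputs would come from:
#   tcpdump -n -e -ttt -i pflog0      # logged packets, with "rule N/(match)"
#   pfctl -vvsr                       # the loaded ruleset, numbered "@N"
# Here both are constructed samples (interface vic0, all addresses made up).

SAMPLE_PFLOG='Mar 06 10:01:23.000001 rule 1/(match) block out on vic0: 10.0.2.15.40001 > 198.51.100.20.80: S 1:1(0) win 16384
Mar 06 10:01:26.000002 rule 1/(match) block out on vic0: 10.0.2.15.40002 > 198.51.100.20.80: S 1:1(0) win 16384
Mar 06 10:01:30.000003 rule 1/(match) block in on vic0: 203.0.113.9.5555 > 10.0.2.15.22: S 1:1(0) win 65535
Mar 06 10:01:31.000004 rule 2/(match) pass out on vic0: 10.0.2.15.40003 > 198.51.100.20.80: S 1:1(0) win 16384'

SAMPLE_RULES='@0 match in all scrub (no-df max-mss 1440)
  [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
@1 block drop log all
  [ Evaluations: 10        Packets: 3         Bytes: 180         States: 0     ]
@2 pass out log on egress proto tcp from 10.0.2.0/24 to 198.51.100.20 port = www
  [ Evaluations: 7         Packets: 1         Bytes: 60          States: 1     ]'

# pflog_summary: stdin = tcpdump pflog0 output.
# Prints one line per distinct (rule, action, direction, interface, dst port)
# with a packet count, e.g. "1 block out vic0 80 2".  The parser keys off the
# "rule N/" token, so the timestamp format in front of it does not matter.
pflog_summary() {
  awk '
    {
      rule = ""; act = ""; dir = ""; ifc = ""; dport = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "rule") {
          split($(i + 1), a, "/"); rule = a[1]
          act = $(i + 2); dir = $(i + 3); ifc = $(i + 5); sub(/:$/, "", ifc)
        }
        if ($i == ">") {
          d = $(i + 1); sub(/:$/, "", d)
          n = split(d, p, "."); dport = p[n]
        }
      }
      if (rule != "") cnt[rule " " act " " dir " " ifc " " dport]++
    }
    END { for (k in cnt) print k, cnt[k] }
  ' | LC_ALL=C sort
}

# rule_text N: stdin = `pfctl -vvsr` output.  Prints the text of rule @N
# without the "@N " prefix (the "[ Evaluations: ... ]" lines are skipped).
rule_text() {
  awk -v n="$1" 'BEGIN { key = "@" n } $1 == key { sub(/^@[0-9]+ /, ""); print; exit }'
}

# explain_pflog PFLOG_TEXT RULES_TEXT: joins the two views, one line per
# summary entry, naming the rule that logged the packets.
explain_pflog() {
  printf '%s\n' "$1" | pflog_summary | while read -r rule act dir ifc dport count; do
    text=$(printf '%s\n' "$2" | rule_text "$rule")
    printf '%s %s on %s to port %s: %s packet(s), rule @%s: %s\n' \
      "$act" "$dir" "$ifc" "$dport" "$count" "$rule" "$text"
  done
}

explain_pflog "$SAMPLE_PFLOG" "$SAMPLE_RULES"
```

On a real box, replace the two sample strings with `tcpdump -n -e -ttt -i pflog0` captured for a few seconds while running lynx, and with `pfctl -vvsr`; a rule that never shows up in the pflog output and whose `Evaluations` counter does not move in `pfctl -vvsr` is simply not being reached for that traffic.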
Thank you.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Sorry (to J65nko), I forgot to write a line (not in the virtual machine):
Code:
pass out on egress proto udp from $me to any port domain
I don't understand why it doesn't work.
My pf.conf:
Code:
me="egress:network"
mywebsite="www.mywebsite.com"

set skip on lo
# posted as "set drop policy drop", which pfctl does not accept;
# "set block-policy drop" is the option that exists and is assumed to be meant
set block-policy drop

# posted as "match in scrub all (...)"; pf.conf(5) in 4.6 puts the host
# spec ("all") before the scrub options
match in all scrub (no-df max-mss 1440)

# redirect outbound web traffic that is not already going to $mywebsite
rdr pass on egress proto tcp from $me to ! $mywebsite \
    port 80 -> $mywebsite port 80

block log all
pass out on egress proto icmp all icmp-type { echoreq unreach }
pass out on egress proto udp from $me to any port domain
pass out on egress proto tcp from $me to $mywebsite port 80
...After a long time...
It never works because I use the OpenBSD box as a workstation, so there's no traffic IN (I only let out: ping, the domain port, port 80 (my site)); when I use Lynx on the box, I only generate traffic OUT, isn't it? Conclusion: my rdr line is useless. Is there a way to accomplish what I want to do? Implement Squid?
Last edited by Simon; 7th March 2010 at 07:35 AM. Reason: More info
To Jggimi:
I have already done "website redirection" using rdr rules with firewalls for companies; it works fine. Now I want, only as a "test", to try to do the same thing but on an OpenBSD machine used as a workstation (only one interface). I tried 127.0.0.1 instead of $mywebsite; it doesn't work, I have the same error, the rdr line is not used. I continue to think that it never works because I use the OpenBSD box as a workstation, so there's no traffic IN (I only let out: ping, the domain port, port 80 (my site)); when I use Lynx on the box, I only generate traffic OUT.