Bridge and RDR HowTo ?

dvserg

Hi
I have bridged pfsense (Wan/Lan). For redirect incoming traffic to lo0 (loopback) proxy port, by google, need use rules with routing:

rdr on rl1 proto tcp from LAN_SUBNET to !LAN_SUBNET port 80 -> 127.0.0.1 port 3128
pass in log quick on $lan route-to {lo0 127.0.0.1} proto tcp from any to 127.0.0.1 port 3128

With tcpdump on lo0 i look only sync tcp packets. In states also sync:Closed
How i mean - lo0 get http packets, and nothing ..
Pls help - what may be ? Why i can't see established TCP connections to 127.0.0.1:3128 ?

eri--

Do you have a default gateway configured and ip_forward sysctl active?

dvserg

pfSense 1.2.2

sysctl net.inet.ip.forwarding

net.inet.ip.forwarding: 1

ifconfig

xl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=9 <rxcsum,vlan_mtu>ether 00:03:99:88:61:b8
	inet 62.183.35.154 netmask 0xfffffffc broadcast 62.183.35.155
	inet6 fe80::203:99ff:fe88:61b8%xl0 prefixlen 64 scopeid 0x1 
	media: Ethernet autoselect (none)
	status: no carrier
rl0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
	options=8 <vlan_mtu>ether 00:c1:28:01:0f:f3
	inet6 fe80::2c1:28ff:fe01:ff3%rl0 prefixlen 64 scopeid 0x2 
	inet 10.62.0.2 netmask 0xffffff00 broadcast 10.62.0.255
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
rl1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
	options=8 <vlan_mtu>ether 4c:00:10:50:a3:0f
	inet6 fe80::4e00:10ff:fe50:a30f%rl1 prefixlen 64 scopeid 0x3 
	inet 10.62.0.3 netmask 0xffffff00 broadcast 10.62.0.255
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
plip0: flags=108810 <pointopoint,simplex,multicast,needsgiant>metric 0 mtu 1500
pfsync0: flags=41 <up,running>metric 0 mtu 1460
	pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 
enc0: flags=0<> metric 0 mtu 1536
pflog0: flags=100 <promisc>metric 0 mtu 33204
bridge0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	ether f2:7d:cd:3c:f1:26
	id 00:03:99:88:61:b8 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:03:99:88:61:b8 priority 32768 ifcost 0 port 0
	member: rl0 flags=1e7 <learning,discover,stp,edge,autoedge,ptp,autoptp>port 2 priority 128 path cost 55 proto rstp
	        role designated state forwarding
	member: rl1 flags=1e7 <learning,discover,stp,edge,autoedge,ptp,autoptp>port 3 priority 128 path cost 55 proto rstp
	        role designated state forwarding</learning,discover,stp,edge,autoedge,ptp,autoptp></learning,discover,stp,edge,autoedge,ptp,autoptp></up,broadcast,running,simplex,multicast></promisc></up,loopback,running,multicast></up,running></pointopoint,simplex,multicast,needsgiant></full-duplex></vlan_mtu></up,broadcast,running,promisc,simplex,multicast></full-duplex></vlan_mtu></up,broadcast,running,promisc,simplex,multicast></rxcsum,vlan_mtu></up,broadcast,running,simplex,multicast> 

WAN 10.62.0.2 Gateway 10.62.0.1

dvserg

This is RDR success worked
(RDR from LAN to 127.0.0.1 proxy port)

rdr on rl1 proto tcp from any to (rl1) port 3128 -> lo0 port 3128

Proxy on lo0 success receive packets.

If packets from first my post will redirected  to 127.0.0.1, then
'pfctl -s rules -v' show, what packets moved to lo0 port 3128, but proxy program not get packets from firewall .  ???