Bridge and RDR HowTo?
-
Hi
I have bridged pfSense (WAN/LAN). To redirect incoming traffic to the lo0 (loopback) proxy port, according to Google, I need to use rules with routing:

rdr on rl1 proto tcp from LAN_SUBNET to !LAN_SUBNET port 80 -> 127.0.0.1 port 3128
pass in log quick on $lan route-to {lo0 127.0.0.1} proto tcp from any to 127.0.0.1 port 3128

With tcpdump on lo0 I see only SYN TCP packets. In the states, also SYN:CLOSED.
As I understand it, lo0 gets the HTTP packets, and then nothing ..
Please help, what could it be? Why can't I see established TCP connections to 127.0.0.1:3128?
-
Do you have a default gateway configured and ip_forward sysctl active?
-
pfSense 1.2.2
sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1
ifconfig
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        ether 00:03:99:88:61:b8
        inet 62.183.35.154 netmask 0xfffffffc broadcast 62.183.35.155
        inet6 fe80::203:99ff:fe88:61b8%xl0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (none)
        status: no carrier
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:c1:28:01:0f:f3
        inet6 fe80::2c1:28ff:fe01:ff3%rl0 prefixlen 64 scopeid 0x2
        inet 10.62.0.2 netmask 0xffffff00 broadcast 10.62.0.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 4c:00:10:50:a3:0f
        inet6 fe80::4e00:10ff:fe50:a30f%rl1 prefixlen 64 scopeid 0x3
        inet 10.62.0.3 netmask 0xffffff00 broadcast 10.62.0.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
        pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
enc0: flags=0<> metric 0 mtu 1536
pflog0: flags=100<PROMISC> metric 0 mtu 33204
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether f2:7d:cd:3c:f1:26
        id 00:03:99:88:61:b8 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:03:99:88:61:b8 priority 32768 ifcost 0 port 0
        member: rl0 flags=1e7<LEARNING,DISCOVER,STP,EDGE,AUTOEDGE,PTP,AUTOPTP>
                port 2 priority 128 path cost 55 proto rstp
                role designated state forwarding
        member: rl1 flags=1e7<LEARNING,DISCOVER,STP,EDGE,AUTOEDGE,PTP,AUTOPTP>
                port 3 priority 128 path cost 55 proto rstp
                role designated state forwarding
WAN 10.62.0.2 Gateway 10.62.0.1
-
This RDR worked successfully
(RDR from LAN to the 127.0.0.1 proxy port):

rdr on rl1 proto tcp from any to (rl1) port 3128 -> lo0 port 3128

The proxy on lo0 successfully receives packets.
If the packets from my first post are redirected to 127.0.0.1, then
'pfctl -s rules -v' shows that the packets are moved to lo0 port 3128, but the proxy program does not get the packets from the firewall. ???
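The symptom in the thread (SYN seen on lo0, state stuck at SYN:CLOSED, proxy never sees a connection) is easiest to triage from the state table rather than from the rule counters, because the state shows whether the redirected end ever answered. The script below is an added example, not code from the thread or from pfSense; it parses the text layout `pfctl -ss` printed on pfSense 1.2.x (FreeBSD 7 pf), where a redirected inbound state lists three addresses, delivered destination <- originally dialled destination <- client, followed by the initiator's and responder's TCP state. The sample table is constructed to mirror the two rules in the thread: one rdr to (rl1):3128 that completed the handshake and two rdr's to 127.0.0.1:3128 that got no SYN/ACK. The function and column names are this example's own.

```python
"""Triage a pf state table for redirected TCP connections stuck after the SYN.

Added example (not part of the forum thread). Expects the `pfctl -ss` layout of
pfSense 1.2.x / FreeBSD 7 pf (an assumption; newer pf prints an extra column):

    <iface|self> <proto> <dst> [<- <original dst>] <- <src>    <src state>:<dst state>

For an inbound state pf prints the initiator's TCP state first, so
SYN_SENT:CLOSED means the client sent a SYN and the redirected target never
replied. Feed it the real table with: pfctl -ss | python3 this_script.py
"""
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, not real output from the thread.
SAMPLE_STATES = """\
self tcp 10.62.0.3:3128 <- 10.62.0.50:49152       ESTABLISHED:ESTABLISHED
self tcp 127.0.0.1:3128 <- 93.184.216.34:80 <- 10.62.0.50:49153       SYN_SENT:CLOSED
self tcp 127.0.0.1:3128 <- 93.184.216.34:80 <- 10.62.0.51:49201       SYN_SENT:CLOSED
self udp 10.62.0.1:53 <- 10.62.0.50:51000       SINGLE:NO_TRAFFIC
self tcp 10.62.0.2:40001 -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
"""

# iface, proto, the address chain (lazy), then the two peer states at end of line.
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<chain>.+?)\s+"
    r"(?P<src_state>[A-Z_]+):(?P<dst_state>[A-Z_]+)\s*$"
)


@dataclass
class PfState:
    iface: str
    proto: str
    src: str                      # peer that opened the connection
    dst: str                      # where pf delivers it (after rdr)
    original_dst: Optional[str]   # what the client dialled, if rewritten by rdr
    src_state: str
    dst_state: str

    @property
    def redirected(self) -> bool:
        return self.original_dst is not None

    @property
    def half_open(self) -> bool:
        # Initiator sent SYN, responder never moved off CLOSED: no SYN/ACK came back.
        return self.src_state == "SYN_SENT" and self.dst_state == "CLOSED"


def parse_state_line(line: str) -> Optional[PfState]:
    """Parse one pfctl -ss line; return None for lines that do not match the layout."""
    m = STATE_RE.match(line)
    if not m:
        return None
    chain = m.group("chain")
    if "<-" in chain:
        parts = [p.strip() for p in chain.split("<-")]
        dst, src = parts[0], parts[-1]                # inbound: dst [<- orig_dst] <- src
        original = parts[1] if len(parts) == 3 else None
    else:
        parts = [p.strip() for p in chain.split("->")]
        src, dst = parts[0], parts[-1]                # outbound: src [-> nat_src] -> dst
        original = None
    return PfState(m.group("iface"), m.group("proto"), src, dst, original,
                   m.group("src_state"), m.group("dst_state"))


def parse_states(text: str) -> List[PfState]:
    return [s for s in map(parse_state_line, text.splitlines()) if s is not None]


def stuck_redirects(text: str, redirect_target: str = "127.0.0.1:3128") -> List[PfState]:
    """TCP states rdr'd to redirect_target whose three-way handshake never completed."""
    return [s for s in parse_states(text)
            if s.proto == "tcp" and s.redirected
            and s.dst == redirect_target and s.half_open]


def report(text: str, redirect_target: str = "127.0.0.1:3128") -> List[str]:
    """One line per stuck redirect, naming client, dialled destination and target."""
    return [f"{s.src} dialled {s.original_dst}, rdr'd to {s.dst}: no SYN/ACK "
            f"({s.src_state}:{s.dst_state}); check that the proxy listens on {s.dst} "
            f"and that its replies can reach {s.src}"
            for s in stuck_redirects(text, redirect_target)]


if __name__ == "__main__":
    table = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_STATES
    for line in report(table):
        print(line)
```

A state that sits at SYN_SENT:CLOSED while `pfctl -s rules -v` counts matches tells you the rdr fired and the packet was delivered, so the next things to verify are whether anything is listening on the target socket (sockstat -4l on the firewall) and where the reply to the client would be routed; both are outside what the state table can show.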