How do I redirect ALL TCP traffic using NAT rule?



Hi Everyone!

I am attempting to set up pfSense as a transparent Tor proxy but am running into some issues that I wouldn't have thought should have been issues. What I have working now is that Tor is running on my pfSense box with TCP 80/443 and TCP/UDP 53 being transparently redirected to the Tor daemon (port 9040).

What I would like to move to is all TCP gets redirected to the Tor daemon. However, it appears the web GUI requires that you give a destination port range AND that range gets mapped to a range starting at your redirect port (e.g. redirecting ports 80-100 causes those ports to get mapped to 9040-9060). This clearly doesn't work for me since I want the whole range mapped to a single port. Admittedly I'm a complete noob when it comes to FreeBSD firewall rule syntax, but the Tor transparent proxy documentation makes this look like it should be doable.

I guess this all boils down to two questions:

• Can I use the GUI to make the firewall rule(s) that I want?

• If I can't, what commands can I run from my Tor start/stop script to insert the rules dynamically?

Thank you in advance for any help!

P.S. - If it matters, I only want the redirect to kick in for a certain source subnet like 192.168.100.0/24.


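As an added example (not part of the original post, and not pfSense's or the Tor project's own configuration), this is what the whole-range-to-one-port redirect looks like in pf syntax, following the shape of the rules in the Tor transparent-proxy documentation the post refers to. The key point is that a `rdr` rule with no destination `port` clause matches every destination port and sends all of them to the single target port, so the range-to-range mapping the GUI produces never comes into play. Assumptions: the LAN interface is `em1`, Tor listens on `TransPort 9040` and `DNSPort 5353` on 127.0.0.1, and only 192.168.100.0/24 should be redirected.

```pf
# Added example: pf ruleset fragment for a transparent Tor proxy.
# Assumed values: LAN interface em1, Tor TransPort 9040, Tor DNSPort 5353,
# proxied subnet 192.168.100.0/24.
int_if  = "em1"
tor_net = "192.168.100.0/24"

# Translation rules (in FreeBSD pf these must precede the filter rules).
# DNS from the chosen subnet goes to Tor's DNSPort. "to !($int_if)" excludes
# the firewall's own addresses, so the box itself stays reachable.
rdr pass on $int_if inet proto udp from $tor_net to !($int_if) port domain -> 127.0.0.1 port 5353
rdr pass on $int_if inet proto tcp from $tor_net to !($int_if) port domain -> 127.0.0.1 port 5353

# All remaining TCP from the subnet: no destination "port" clause, so every
# destination port is redirected to the one TransPort.
rdr pass on $int_if inet proto tcp from $tor_net to !($int_if) -> 127.0.0.1 port 9040

# Filter rules. Tor carries only TCP (plus the DNS handled above), so drop
# other UDP from the subnet rather than letting it leak around the proxy.
# Packets matched by the "rdr pass" rules above are passed before these are checked.
block in quick on $int_if inet proto udp from $tor_net to any
```

The `from $tor_net` clause is what limits the redirect to the one source subnet asked about in the P.S.; hosts on the same LAN outside that subnet are not touched. One caveat for the second question in the post: pfSense regenerates and reloads its own pf ruleset whenever the filter is reloaded, so rules inserted ad hoc from a start/stop script with `pfctl -f` will not survive that reload unless they are kept in a ruleset pfSense itself loads (for example through one of its anchors).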