Redirect Port in pf.conf

Another team needs to access the absence URL from outside, and the system has to be set up in no more than 10 minutes.

How do we reach the LAN from the public side and lock access to a specified public IP address only?

Using redirection is the fastest solution.

For illustration:

We have 3 computers: A, B and C. Each computer has the following addresses.

Computer A has IP address:

Public: 222.124.4.111

Computer B has IP addresses:

Public: 222.124.4.222

Local: 172.88.1.1

Computer C has IP address:

Local: 172.88.1.10 (where the absence script, Apache etc. reside)

Objective:

Users type the address http://222.124.4.111:8081 and get the same page as when they access http://www.oldaddress.com from the LAN.

Preparation:

Log in to computer B via PuTTY and open pf.conf using ee or another editor.

# ee pf.conf

Snippet of pf.conf for that purpose (redirection):

///////////////////////////////////=============pf.conf==================

# specify interfaces

EXT = "fxp0"
INT = "em0"

# variable declarations
ip_hosting="222.124.4.222"
ip_lan="172.88.1.10"
ip_public="222.124.4.111"

LAN_clients = "172.88.0.0/16"

TCP_OPTIONS = "flags S/SAFRUP keep state"
icmp_types="echoreq"

set loginterface $EXT
scrub in on $EXT all

# redirect TCP port 8081 on computer B's public address to port 80 on
# computer C, only for connections coming from $ip_public
rdr on $EXT proto tcp from $ip_public to $ip_hosting port 8081 -> $ip_lan port 80

///////////////////////////////////=============pf.conf==================

Save the file.

Stop pf (pfctl -d)

Enable pf again (pfctl -e -f /etc/pf.conf)
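
The rule above only does its job if the redirect stays locked to a single source address. The following check is an added example, not part of the original post: it expands the macros in a pf.conf text and lists every simple rdr rule whose source is not one host address. The sample text, the extra rule on port 8082 and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the article's macros and rdr rule, plus one deliberately
# open rule on port 8082 (not from the article) to show what gets flagged.
SAMPLE_PF_CONF = '''
EXT = "fxp0"
ip_hosting="222.124.4.222"
ip_lan="172.88.1.10"
ip_public="222.124.4.111"
rdr on $EXT proto tcp from $ip_public to $ip_hosting port 8081 -> $ip_lan port 80
rdr on $EXT proto tcp from any to $ip_hosting port 8082 -> $ip_lan port 80
'''

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')
RDR_RE = re.compile(
    r'^rdr\s+(?:pass\s+)?on\s+(\S+)\s+proto\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)'
    r'\s+port\s+(\S+)\s+->\s+(\S+)(?:\s+port\s+(\S+))?$')
FIELDS = ("iface", "proto", "src", "dst", "dport", "target", "tport")
HOST_RE = re.compile(r'\d{1,3}(\.\d{1,3}){3}(/32)?')

def parse_redirects(text):
    """Return one dict per simple rdr rule, with $macros expanded."""
    macros, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        macro = MACRO_RE.match(line)
        if macro:
            macros[macro.group(1)] = macro.group(2)
            continue
        line = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), line)
        if line.startswith("rdr"):
            rule = RDR_RE.match(line)
            if rule is None:                     # lists, tables, etc.: review by hand
                raise ValueError("unsupported rdr rule form: " + line)
            rules.append(dict(zip(FIELDS, rule.groups())))
    return rules

def open_redirects(rules):
    """Rules whose source is not pinned to a single IPv4 host address."""
    return [r for r in rules if HOST_RE.fullmatch(r["src"]) is None]

if __name__ == "__main__":
    for r in open_redirects(parse_redirects(SAMPLE_PF_CONF)):
        print("not source-locked: %s:%s -> %s:%s (from %s)"
              % (r["dst"], r["dport"], r["target"], r["tport"], r["src"]))
```

Rules that use address lists or tables are rejected with an error rather than guessed at, so they still need a manual look.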

Done?

Why can’t I see the page yet?

Well, perhaps on computer C you have to set the default route so that LAN traffic goes back through computer B.

Just replacing the existing default route will do that magic 🙂

# route delete default

# route add default 172.88.1.1

A common problem that I see when I try this method is forgetting to check the route 🙂

Testing

Just ask the user to test. Good luck.

Happy redirecting 😉
