# rdr incoming port 80 traffic to localhost:8080



## jaxsin (Apr 30, 2014)

FreeBSD 9.2

I am running a proxy server made with node.js that will handle a few websocket applications I am creating. With node, you can run the server as a normal user as long as the port is not 80; otherwise you need to run it as root. I would like to redirect incoming port 80 traffic to localhost:8080 so that way I can avoid running the application as root for security purposes (or my perceived security of running applications as user to avoid root). I tried to look into the solution but have become more confused about how to or if it is even possible to do what I want with PF. I am not even sure if I need to enable a gateway for this to work. Below is where I am at with my PF configuration.

/etc/pf.conf modified example shipped with FreeBSD 9.2

```
#       $FreeBSD: release/9.2.0/share/examples/pf/pf.conf 218854 2011-02-19 14:57:00Z brucec $
#       $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

########MACROS#######
ext_if="em0"

tcp_services="{ ssh www imaps }"
udp_services="{ imaps }"

set skip on lo

scrub in

#nat on $ext_if from !($ext_if) -> ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#no rdr on $ext_if proto tcp from <spamd-white> to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
#       -> 127.0.0.1 port spamd

block in
pass out

pass in on $ext_if proto tcp to ($ext_if) port $tcp_services
pass in log on $ext_if proto tcp to ($ext_if) port smtp
pass out log on $ext_if proto tcp from ($ext_if) to port smtp
pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }
```

/etc/rc.conf

```
hostname="tyr.coleburt.com"
ifconfig_em0="DHCP"
ifconfig_em0_ipv6="inet6 accept_rtadv"
pf_enable="YES"                 # Enable PF (load module if required)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_flags=""                     # additional flags for pfctl startup
pflog_enable="YES"              # start pflogd(8)
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_flags=""
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
apache24_enable="YES"
mysql_enable="YES"
inetd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"
dovecot_enable="YES"
openntpd_enable="YES"
openntpd_flags="-s"
```


----------



## SirDice (May 2, 2014)

jaxsin said:

> I would like to redirect incoming port 80 traffic to localhost:8080

This should do it:

```
rdr on $ext_if proto tcp from any to any port 80 -> 127.0.0.1 port 8080
```


----------
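How the rule from the reply fits into the ruleset from the first post, as an added example that is not part of either post. In this PF version translation is applied before filtering, so a plain `rdr` (without `pass`) also needs a filter rule that matches the rewritten destination; the existing `$tcp_services` rule only matches traffic addressed to `($ext_if)`. That the Node.js proxy listens on 127.0.0.1:8080 is an assumption.

```pf
# Added example: trimmed /etc/pf.conf based on the one posted above.
ext_if="em0"

tcp_services="{ ssh www imaps }"

set skip on lo

scrub in

# Translation rules must appear before the filter rules.
# This is the rule from the reply, unchanged.
rdr on $ext_if proto tcp from any to any port 80 -> 127.0.0.1 port 8080

block in
pass out

pass in on $ext_if proto tcp to ($ext_if) port $tcp_services

# After the rdr, the filter sees the packet with destination
# 127.0.0.1 port 8080 on $ext_if, so "block in" would drop it
# without this rule. Assumes the proxy is bound to 127.0.0.1:8080.
pass in on $ext_if proto tcp to 127.0.0.1 port 8080

# Alternative: write "rdr pass on $ext_if ..." instead, which lets
# redirected packets bypass the filter rules entirely. The explicit
# pass rule keeps the traffic visible to the filter ruleset.
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sn` shows the translation rules that are currently loaded.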

