# RDR all internal 80 to local server



## hac3ru (Oct 28, 2013)

How can I do this? 

I want to take all traffic on port 80 and redirect it to 192.168.5.5:80 (which is a local WebServer). I was thinking about a local DNS server which will do this but... Google didn't help. 

Thanks in advance.


----------



## J65nko (Oct 28, 2013)

You can do this kind of thing with an 'rdr' statement in a pf.conf(5) firewall rule set.


----------



## SirDice (Oct 28, 2013)

J65nko said:

> You can do this kind of thing with 'rdr' statement in a pf.conf(5) firewall rule set.



Just keep in mind that you cannot bounce traffic out the same interface it came in on.



> Redirections cannot reflect packets back through the interface they arrive on, they can only be redirected to hosts connected to different interfaces or to the firewall itself.


----------



## hac3ru (Oct 28, 2013)

SirDice said:

> Just keep in mind that you cannot bounce traffic out the same interface it came in on.



That's why I can't use RDR... The web server is on the same network as the other computers.


----------



## kpa (Oct 28, 2013)

In that case the traffic from the clients never even hits the gateway because the traffic is completely local to the LAN. Separate the web server to a DMZ network and you can use a redirection on the gateway.


----------



## hac3ru (Oct 28, 2013)

Okay, my bad. I want to redirect traffic that is targeting the Internet on port 80, not the local network.
I want to redirect a user that is trying to access FreeBSD.org to 192.168.5.5:80


----------



## SirDice (Oct 28, 2013)

You may be able to pull it off by redirecting everything to a proxy server running on localhost. The proxy server would then connect back to 192.168.5.5.


----------



## hac3ru (Oct 28, 2013)

Could you provide more information about how this can be achieved?


----------



## hac3ru (Oct 30, 2013)

I have added an extra NIC on the server. I have configured it on server-side with a static IP (192.168.133.1) with netmask 255.255.255.240. I have configured the web server with static IP 192.168.133.5, same netmask, gateway 192.168.133.1. I can ping from one to another but I can't seem to get the redirecting to work. Here is what I tried:

```
rdr on $int_if proto tcp from $internal_addr to $self_addr port 80 -> 192.168.133.5 port 80

# pass area
pass quick from any to 192.168.133.5
pass quick from 192.168.133.5 to any
```
No luck there.
I tried to do a nat and a rdr:

```
nat on $int_if from 192.168.133.5 to any -> $int_if
<<same rdr>>
<<same pass>>
```
Still no luck. Any ideas?


----------
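Added example, not part of the thread: a pf.conf fragment for the setup described in the last post (web server on its own NIC at 192.168.133.5) that redirects LAN traffic bound for any Internet host on port 80, rather than traffic addressed to the firewall itself. The interface names, the `dmz_if` and `int_net` macros and the LAN prefix are assumptions; only the addresses come from the posts.

```pf
# --- macros (interface names and LAN prefix are assumed, adjust to the host) ---
int_if  = "em1"               # LAN-facing NIC (assumed name)
dmz_if  = "em2"               # extra NIC on 192.168.133.0/28 (assumed name)
int_net = "192.168.5.0/24"    # LAN clients (assumed prefix)
web     = "192.168.133.5"     # web server address from the post

# --- translation (must come before the filter rules) ---
# Browsers address their packets to Internet hosts, not to the firewall,
# so the destination here is "any". A rule written "to $self_addr" only
# matches connections opened to the firewall's own address.
rdr on $int_if inet proto tcp from $int_net to any port 80 -> $web port 80

# --- filter (merge into the existing rule set) ---
# Filter rules see the packet after rdr has rewritten the destination,
# so they match on $web, not on the original Internet address.
pass in  on $int_if inet proto tcp from $int_net to $web port 80 keep state
pass out on $dmz_if inet proto tcp from $int_net to $web port 80 keep state

# The web server's replies are handled by the state entries created above,
# so no nat rule and no blanket "pass quick ... to any" is needed for them.
#
# Prerequisite: the box must forward packets between its NICs
#   (gateway_enable="YES" in /etc/rc.conf, i.e. net.inet.ip.forwarding=1).
#
# Checks after editing:
#   pfctl -nf /etc/pf.conf   parse the file without loading it
#   pfctl -f  /etc/pf.conf   load it
#   pfctl -s nat             confirm the rdr rule is loaded
#   pfctl -s state           look for states towards 192.168.133.5:80
```

Because the web server now sits behind a different interface than the clients, the redirect does not run into the reflection limit quoted earlier in the thread.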

