# redirect web traffic from one ip to another



## alexus (Feb 25, 2014)

Hello)

I'm trying to figure out how to redirect web traffic from one IP to another, now I've tried natd and ipnat w/out any luck((

natd


```
root@fx:~ # cat /etc/ipnat.rules 
rdr bce0 AA.BB.CC.DD/32 port 80 -> DD.CC.BB.AA/32 port 80 tcp
root@fx:~ #
```

ipnat


```
root@fx:~ # cat /etc/natd.conf 
redirect_port tcp DD.CC.BB.AA:80 AA.BB.CC.DD:80
root@fx:~ #
```

Any ideas what am I doing wrong?


----------



## wblock@ (Feb 25, 2014)

In modern setups, this is normally done in the firewall.


----------



## alexus (Feb 25, 2014)

Would you mind providing an example of how rule would look like using firewall?


----------



## wblock@ (Feb 25, 2014)

Let's make sure I understand your original post correctly.  You want incoming HTTP requests to be redirected to a separate machine inside the LAN, right?  For PF:

```
webserver="10.10.10.10"
...
rdr on $ext_if proto tcp from any to $external_addr port 80 -> $webserver
```


----------



## hac3ru (Feb 25, 2014)

To complete the above post, you will have to add a pass rule for the webserver. Something like:

```
pass from any to $webserver port 80 keep state
```
 If you don't, there will be some chances that the rdr will work but the server will forbid the $webserver from accepting the files.

//@kpa didn't know that. Thank you


----------



## kpa (Feb 25, 2014)

hac3ru said:
			
		

> To complete the above post, you will have to add a pass rule for the webserver. Something like:
> 
> ```
> pass from any to $webserver port 80 keep state
> ...



You can leave out the keep state from the rules, it is the default in PF if not specified.


----------

