# Forwarding tcp 80 to 3128 proxy



## KeresContorni (Mar 30, 2011)

I prepared a router with FreeBSD with two network interfaces:

- rl0 -> Ethernet direct to ADSL (IP: 192.168.1.101);
- ral0 -> WiFi card, HostAP (IP: 192.168.2.1).

In /etc/sysctl.conf file I put:

```
net.inet.ip.forwarding=1
```

In /etc/rc.conf file I put:

```
defaultrouter="192.168.1.1"
gateway_enable="YES"
hostname="marylin.it2000.it"
ifconfig_rl0="inet 192.168.1.101  netmask 255.255.255.0"
wlans_ral0="wlan0"
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet 192.168.2.1 netmask 255.255.255.0 ssid WiFiZone mode 11g channel 5"
```

I have installed DHCP server for WiFi:

```
# cd /usr/ports/net/isc-dhcp41-server
# make
# make install
# mv /usr/local/etc/dhcpd.conf /usr/local/etc/dhcpd.conf.orig
```

In /usr/local/etc/dhcpd.conf file I put:

```
option domain-name		"it2000.it";
option domain-name-servers	208.67.222.222;
default-lease-time		3600;
max-lease-time			84600;
ddns-update-style		ad-hoc;
subnet 192.168.2.0 netmask 255.255.255.0 {
	range			192.168.2.2 192.168.2.254;
	option routers		192.168.2.1;
}
```

In /etc/rc.conf file I put:

```
dhcpd_enable="YES"
dhcpd_ifaces="wlan0"
```

I changed kernel configuration for PF:

```
# cp /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/FIREWALL
```

In /usr/src/sys/i386/conf/FIREWALL file I put:

```
device          pf
device          pflog
device          pfsync
```

I have built a new custom kernel:

```
# cd /usr/src
# make buildkernel KERNCONF=FIREWALL
# make installkernel KERNCONF=FIREWALL
# reboot
```

In /etc/pf.conf file I put:

```
ext_if = "rl0"
int_if = "wlan0"
internal_net = "192.168.2.0/24"
table <firewall> const { self }
scrub all reassemble tcp fragment reassemble
nat on $ext_if from $internal_net to any -> ($ext_if)
block drop log all
pass out quick on $ext_if inet proto udp from ($ext_if) to any port { 53, 123 } keep state
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port { 80, 443 } flags S/SA keep state
pass in quick on $int_if inet proto tcp from $internal_net to !<firewall> flags S/SA modulate state
pass in quick on $int_if inet proto udp from $internal_net to !<firewall> keep state
```

In /etc/rc.conf file I put:

```
pf_enable="YES"
pflog_enable="YES"
pf_rules="/etc/pf.conf"
pflog_logfile="/var/log/pflog"
```

Reboot and it's OK!

Now I want to route all packets from WiFi port 80 to my internal proxy server (192.168.1.102) and then proxy to the Internet and back to the WiFi client. How can I do this in PF configuration?

Thanks!


----------



## SirDice (Mar 30, 2011)

```
rdr on $int_if from any to any port 80 -> 192.168.1.102 port 3128
```


----------
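The redirect from the answer placed into the ruleset from the question, as an added example that was not posted by either participant. The macros `proxy_host` and `proxy_port` are names introduced here; the extra `pass out` rule is needed because that ruleset ends its defaults with `block drop log all` and only lets ports 80 and 443 leave `rl0`, so the rewritten connections to port 3128 would otherwise be dropped on the way out.

```pf
# /etc/pf.conf -- question's ruleset plus the redirect (added example)
ext_if       = "rl0"
int_if       = "wlan0"
internal_net = "192.168.2.0/24"
proxy_host   = "192.168.1.102"   # proxy address from the question
proxy_port   = "3128"            # proxy port from the thread title

table <firewall> const { self }

scrub all reassemble tcp fragment reassemble

# Translation rules are evaluated before the filter rules.
nat on $ext_if from $internal_net to any -> ($ext_if)

# Rewrite WiFi clients' HTTP connections to the proxy. The protocol is
# stated explicitly and the source is narrowed to the WiFi subnet; the
# answer's rule matches "from any".
rdr on $int_if inet proto tcp from $internal_net to any port 80 \
    -> $proxy_host port $proxy_port

block drop log all

pass out quick on $ext_if inet proto udp from ($ext_if) to any port { 53, 123 } keep state
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port { 80, 443 } flags S/SA keep state

# After rdr + nat the packet leaves rl0 as ($ext_if) -> proxy:3128,
# which the { 80, 443 } rule above does not cover.
pass out quick on $ext_if inet proto tcp from ($ext_if) to $proxy_host port $proxy_port flags S/SA keep state

# Filter rules see the already-translated destination (the proxy), which
# is not in <firewall>, so the existing inbound rule passes it.
pass in quick on $int_if inet proto tcp from $internal_net to !<firewall> flags S/SA modulate state
pass in quick on $int_if inet proto udp from $internal_net to !<firewall> keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` lists the active translation rules. Because of the `nat` rule, the proxy sees every WiFi client as 192.168.1.101, so its access log cannot distinguish individual clients.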

