# How to redirect ports (not forward)



## Anonymous (Feb 28, 2010)

On my network I want users to connect to my gateway and then redirect all of their HTTP traffic to my own custom server on another port where they have to log in. How do I redirect all traffic destined for port 80 to the port my application is running on the local gateway?


----------



## DutchDaemon (Feb 28, 2010)

Something straightforward like this? If you mean http traffic to the gateway, that is, not to anywhere.


```
rdr pass on $int_if inet proto tcp from $lan to $int_if port 80 -> $int_if port 8000
```


----------



## Anonymous (Feb 28, 2010)

I'm trying to get it to where ANY of their HTTP traffic will be redirected to my server. My school does this: when you connect to their wireless network and type in google.com, facebook.com, etc., your browser is redirected to their own HTTP server where you have to log in. I want to do the exact same thing.

Something like


```
rdr pass on $int_if inet proto tcp from $lan to <I don't know what would go here> port 80 -> <localhost?> port 8000
```


----------



## DutchDaemon (Feb 28, 2010)

To catch all destinations, simply use 'any'. So what happens *after* you log in? You will still be redirected by that generic rdr rule, unless you do stuff with dynamically updated tables and separate 'no rdr' rules for authenticated users.


----------



## Anonymous (Feb 28, 2010)

Thanks Dutch. Yeah, I'll have to update the tables to allow the IP address they logged in from to bypass the server. Python will probably help here. Now I just need to figure out how to set up pf instead of ipfw.


----------
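Added example, not part of either poster's message: one way the portal could move a client into a bypass table after login, as discussed in the two posts above. The table name `authed`, the LAN range, and the helper names are assumptions; `$int_if` and `$lan` are the macros from the rule earlier in the thread.

```python
import ipaddress
import subprocess

# Assumed pf.conf fragment (table name <authed> is hypothetical). "no rdr"
# must come before the generic rdr: the first matching translation rule wins.
#   table <authed> persist
#   no rdr on $int_if inet proto tcp from <authed> to any port 80
#   rdr pass on $int_if inet proto tcp from $lan to any port 80 -> $int_if port 8000

LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed sample LAN
TABLE = "authed"                              # hypothetical table name


def pfctl_args(action, client_ip, lan=LAN, table=TABLE):
    """Build the pfctl argv that adds or deletes one client in the table.

    The address is parsed and checked against the LAN so that only a single
    in-range IPv4 host ever reaches pfctl, never a CIDR block or stray text.
    """
    if action not in ("add", "delete"):
        raise ValueError("action must be 'add' or 'delete'")
    addr = ipaddress.ip_address(client_ip)    # ValueError on anything else
    if addr.version != 4 or addr not in lan:
        raise ValueError(f"{addr} is not a host on {lan}")
    if addr in (lan.network_address, lan.broadcast_address):
        raise ValueError(f"{addr} is not a usable host address")
    return ["pfctl", "-q", "-t", table, "-T", action, str(addr)]


def set_bypass(action, client_ip, run=subprocess.run):
    """Apply the change (needs root). Passes an argv list, never a shell string."""
    args = pfctl_args(action, client_ip)
    run(args, check=True)
    return args
```

Call `set_bypass("add", peer_ip)` with the TCP peer address of the login request, and `set_bypass("delete", peer_ip)` on logout or session expiry so the client falls back to the redirect.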



## Anonymous (Feb 28, 2010)

To use pf with NAT, can I just replace

```
gateway_enable="YES" 
firewall_enable="YES" 
firewall_type="OPEN" 
natd_enable="YES"
natd_interface="fxp0" 
natd_flags=""
```
with

```
gateway_enable="YES" 
pf_enable="YES"
natd_enable="YES"
natd_interface="fxp0" 
natd_flags=""
```
Does firewall_type="OPEN" only apply to ipfw or do I need to leave it or replace it with some pf equivalent? And what about loader.conf, what do I do about

```
ipfw_load="YES"
ipdivert_load="YES"
```


----------



## DutchDaemon (Feb 28, 2010)

Remove natd. PF handles NAT itself. All firewall_*, ipfw_* and ipdivert-* type settings are unneeded as well. If your ruleset is in the default location (/etc/pf.conf), all you need is pf_enable and maybe pflog_enable (so you can troubleshoot pf rules with the log keyword).


----------

