14.3.3. Redirection rules

Another useful class of destination translation rule is the one that does redirection. A rule like this makes the firewall send matching packets to itself, usually on a different port. This rule can be used to set up a transparent proxy. To set up a redirection rule in Firewall Builder, place the firewall object or one of its interfaces in Translated Destination. Here is an example:

And here is what is generated for iptables:

# Rule 0 (NAT)
$IPTABLES -t nat -A PREROUTING  -p tcp -m tcp  -s \
     --dport 80 -j REDIRECT --to-ports 3128 

iptables uses the special target REDIRECT for this kind of redirection.
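One way to review generated redirection rules before loading them is sketched below. This is an added example, not Firewall Builder output or code. It extracts the match fields of every REDIRECT rule and marks those with neither a source (`-s`) nor an inbound interface (`-i`) match, since such a rule sends traffic from any network to the proxy port. The sample rules and the 192.0.2.0/24 source are constructed placeholders, and `parse_redirects` is a hypothetical helper name.

```python
import shlex

# Constructed sample in the style of a generated script; 192.0.2.0/24 is a
# documentation network used as a placeholder, not a value from the page.
SAMPLE_RULES = """\
# Rule 0 (NAT)
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.0.2.0/24 --dport 80 -j REDIRECT --to-ports 3128
# Rule 1 (NAT)
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Rule 2 (NAT)
$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
"""

# iptables options that take a single value and that the review reports.
FIELDS = {"-A": "chain", "-p": "proto", "-s": "source", "-i": "in_iface",
          "--dport": "dport", "-j": "target", "--to-ports": "to_ports"}


def parse_redirects(text):
    """Return one dict per REDIRECT rule found in iptables command lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and rule-number comments
        tokens = shlex.split(line)
        rule = {}
        # Walk adjacent token pairs and keep option/value pairs we know.
        for opt, value in zip(tokens, tokens[1:]):
            if opt in FIELDS:
                rule[FIELDS[opt]] = value
        if rule.get("target") == "REDIRECT":
            # No -s and no -i: the rule matches traffic from any network.
            rule["unrestricted"] = not ("source" in rule or "in_iface" in rule)
            rules.append(rule)
    return rules


if __name__ == "__main__":
    for r in parse_redirects(SAMPLE_RULES):
        note = "REVIEW: no source or interface match" if r["unrestricted"] else "ok"
        print(r["chain"], r.get("source", "any"), r["dport"], "->", r["to_ports"], note)
```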

For PF we get this:

# Rule  0 (NAT)
rdr proto tcp from to any port 80 -> port 3128 


