FirewallBuilder

Another useful class of destination translation rule is the one that does redirection. A rule like this makes the firewall send matching packets to itself, usually on a different port. This rule can be used to set up a transparent proxy. To set up a redirection rule in Firewall Builder, place the firewall object or one of its interfaces in Translated Destination. Here is an example:

Figure 14.82. 

And here is what is generated for iptables:

# Rule 0 (NAT)
# 
$IPTABLES -t nat -A PREROUTING  -p tcp -m tcp  -s 172.16.22.0/24 \
     --dport 80 -j REDIRECT --to-ports 3128 
     

Iptables uses special target REDIRECT for this kind of redirection.

For PF we get this:

# Rule  0 (NAT)
# 
rdr proto tcp from 172.16.22.0/24 to any port 80 -> 127.0.0.1 port 3128 
#