Another useful class of destination translation rule is the one that does redirection. A rule like this makes the firewall send matching packets to itself, usually on a different port. This rule can be used to set up a transparent proxy. To set up a redirection rule in Firewall Builder, place the firewall object or one of its interfaces in Translated Destination. Here is an example:
And here is what is generated for iptables:
    # Rule 0 (NAT)
    #
    $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 172.16.22.0/24 \
        --dport 80 -j REDIRECT --to-ports 3128
iptables uses the special target REDIRECT for this kind of redirection.
For PF we get this:
    # Rule 0 (NAT)
    #
    rdr proto tcp from 172.16.22.0/24 to any port 80 -> 127.0.0.1 port 3128
    #
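When the same policy is compiled for both platforms, it is worth confirming that the two generated rules describe the same redirection. The following is an added example, not part of Firewall Builder or its output: it parses the two rule lines shown above into a common form and compares them. The function names and the normalized fields are assumptions made for this illustration, and the PF parser handles only the simple rule shape shown on this page.

```python
import ipaddress
import re
import shlex

# The two rules generated on this page (iptables continuation line joined).
IPTABLES_RULE = ("$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 172.16.22.0/24 "
                 "--dport 80 -j REDIRECT --to-ports 3128")
PF_RULE = "rdr proto tcp from 172.16.22.0/24 to any port 80 -> 127.0.0.1 port 3128"

PF_RDR = re.compile(
    r"^rdr\s+proto\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)\s+to\s+any\s+"
    r"port\s+(?P<dport>\d+)\s+->\s+(?P<target>\S+)\s+port\s+(?P<to_port>\d+)$")


def normalize(proto, src, dport, to_port, to_self):
    """Common form used to compare rules across platforms (hypothetical)."""
    return {"proto": proto.lower(), "src": str(ipaddress.ip_network(src)),
            "dport": int(dport), "to_port": int(to_port), "to_self": to_self}


def parse_iptables_redirect(rule):
    tokens = shlex.split(rule)
    # Pair each option with the value that follows it.
    opts = {f: v for f, v in zip(tokens, tokens[1:])
            if f.startswith("-") and not v.startswith("-")}
    if opts.get("-t") != "nat" or opts.get("-j") != "REDIRECT":
        raise ValueError("not a nat-table REDIRECT rule")
    # The REDIRECT target always delivers to the firewall itself.
    return normalize(opts["-p"], opts["-s"], opts["--dport"],
                     opts["--to-ports"], True)


def parse_pf_rdr(rule):
    m = PF_RDR.match(rule.strip())
    if m is None:
        raise ValueError("not a simple PF rdr rule")
    # Redirection to the firewall itself shows up as a loopback target.
    to_self = ipaddress.ip_address(m["target"]).is_loopback
    return normalize(m["proto"], m["src"], m["dport"], m["to_port"], to_self)


def same_redirection(iptables_rule, pf_rule):
    return parse_iptables_redirect(iptables_rule) == parse_pf_rdr(pf_rule)


if __name__ == "__main__":
    print(parse_iptables_redirect(IPTABLES_RULE))
    print(same_redirection(IPTABLES_RULE, PF_RULE))
```

A mismatch in source network, matched port, or proxy port between the two rules makes `same_redirection` return `False`, which flags a drift between the platforms before the policy is installed.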
Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.