14.3.3. Redirection rules

Another useful class of destination translation rule is the one that does redirection. A rule like this makes the firewall send matching packets to itself, usually on a different port. This rule can be used to set up a transparent proxy. To set up a redirection rule in Firewall Builder, place the firewall object or one of its interfaces in Translated Destination. Here is an example:

Figure 14.82. 


And here is what is generated for iptables:


# Rule 0 (NAT)
# 
$IPTABLES -t nat -A PREROUTING  -p tcp -m tcp  -s 172.16.22.0/24 \
     --dport 80 -j REDIRECT --to-ports 3128 
     

Iptables uses the special target REDIRECT for this kind of redirection.
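
As an added example (not part of the Firewall Builder documentation or its generated output), the shell function below audits REDIRECT rules in iptables-save output and flags any that match neither a source address nor an inbound interface, since a PREROUTING redirect without such a match also applies to packets arriving from untrusted networks. The sample ruleset is constructed; its second rule and the function name audit_redirects are hypothetical.

```shell
#!/bin/sh
# Added example: audit REDIRECT rules in iptables-save output read from stdin.
# Prints "chain source dport to-ports status" for each REDIRECT rule and
# returns 1 if any rule has neither a source (-s) nor an interface (-i) match.
audit_redirects() {
    awk '
    $1 == "-A" {
        chain = $2; src = "any"; dport = "any"; to = "-"; iface = ""; redir = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-s")              src = $(i + 1)
            else if ($i == "-i")         iface = $(i + 1)
            else if ($i == "--dport")    dport = $(i + 1)
            else if ($i == "--to-ports") to = $(i + 1)
            else if ($i == "-j" && $(i + 1) == "REDIRECT") redir = 1
        }
        if (!redir) next
        status = (src != "any" || iface != "") ? "scoped" : "UNSCOPED"
        if (status == "UNSCOPED") bad = 1
        print chain, src, dport, to, status
    }
    END { exit bad + 0 }
    '
}

# Constructed sample in iptables-save format. The first rule is the one
# generated on this page; the second is a hypothetical rule with no -s match.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 172.16.22.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128
COMMIT'

printf '%s\n' "$SAMPLE" | audit_redirects || echo "unscoped REDIRECT rule found"
```

On a live firewall the same function can read the real ruleset, for example from the output of iptables-save -t nat.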

For PF we get this:


# Rule  0 (NAT)
# 
rdr proto tcp from 172.16.22.0/24 to any port 80 -> 127.0.0.1 port 3128 
# 

              
 

Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.