In previous articles we covered the basic concepts of PF and how to configure NAT. This time we will see how to redirect ports to the internal network.
The scenario is exactly the same as in the article on NAT in PF; we have only added the port redirection rules.
vi /etc/pf.conf
ext_if = "em0"
int_if = "em1"
localnet = $int_if:network
set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
nat on $ext_if from $localnet to any -> ($ext_if)
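# "rdr pass": packets matching these rules are passed without being checked against the filter rules below.
# TCP port 25 on the external interface is redirected to port 2525 on the firewall itself.
rdr pass inet proto tcp from any to ($ext_if) port 25 -> 127.0.0.1 port 2525
# TCP port 2222 on the external interface is redirected to port 22 on internal host 192.168.1.2.
rdr pass inet proto tcp from any to ($ext_if) port 2222 -> 192.168.1.2 port 22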
antispoof for $ext_if inet
block log all
pass from $localnet
block from $localnet to ($ext_if)
block from $localnet to ($int_if)
pass out
pass in proto tcp to any port 22
Reload the configuration:
pfctl -f /etc/pf.conf
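To review what the redirections above expose, the following added example (not part of the original article) parses the rdr rules of a pf.conf and flags the pass modifier and unrestricted sources. It handles only the simple single-port rule form used on this page; the name audit_rdr and the embedded sample are assumptions of this example.

```python
import re

# Constructed sample: one macro and the translation rules from the pf.conf above.
SAMPLE_PF_CONF = '''\
ext_if = "em0"
nat on $ext_if from $localnet to any -> ($ext_if)
rdr pass inet proto tcp from any to ($ext_if) port 25 -> 127.0.0.1 port 2525
rdr pass inet proto tcp from any to ($ext_if) port 2222 -> 192.168.1.2 port 22
'''

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"?([^"#]*?)"?\s*$')
# Only the simple rule shape used on this page: one protocol, one port, one target.
RDR_RE = re.compile(
    r'^rdr\s+(?P<pass>pass\s+)?(?:log\s+)?(?:on\s+\S+\s+)?(?:inet6?\s+)?'
    r'proto\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+'
    r'port\s+(?P<port>\S+)\s+->\s+(?P<target>\S+)(?:\s+port\s+(?P<tport>\S+))?')

def audit_rdr(conf_text):
    """Return one dict per rdr rule: what it exposes, where it lands, findings."""
    macros, rules = {}, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        # Expand $macro references using the macros defined so far.
        line = re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), line)
        macro = MACRO_RE.match(line)
        if macro:
            macros[macro.group(1)] = macro.group(2).strip()
            continue
        rdr = RDR_RE.match(line)
        if not rdr:
            continue
        findings = []
        if rdr.group("pass"):
            findings.append("rdr pass: matching packets bypass the filter rules")
        if rdr.group("src") == "any":
            findings.append("source any: reachable from every address")
        rules.append({
            "listen": rdr.group("dst"), "proto": rdr.group("proto"),
            "port": rdr.group("port"), "target": rdr.group("target"),
            "target_port": rdr.group("tport") or rdr.group("port"),
            "findings": findings,
        })
    return rules

if __name__ == "__main__":
    for r in audit_rdr(SAMPLE_PF_CONF):
        print(r)
```

Both rules on this page are reported with both findings; a rule without pass and with a restricted source address comes back with an empty findings list.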