Local transparent proxy OS X pf

Question

I was trying to create local transparent proxy using this pf rules:

rdr pass inet proto tcp from $Out to any port 80 -> 127.0.0.1 port 3129
pass out on $Out route-to lo0  inet proto tcp from $Out to any port 80 keep state

but the problem is that when proxy server is trying to connect to remote server(port 80) it also gets redirected creating infinite redirection loop. Is there anything i can do?

score 0 · Answer 1 · answered Nov 18 '14 at 16:58

0

Yup. Second line (first non-nat rule) isn't needed at all.

Use something like set skip on lo0 - you don't need to filter it anyway.

answered Nov 18 '14 at 16:58

drookie

8,625
1
19
29

At the beginning I thought so too, but when i remove the second line there is no redirection at all – Nonxnull Nov 19 '14 at 08:27
You are probably redirecting on wrong interface. The rdr rule must match packets from internal network to the outer world, and its better to use it with the interface. – drookie Nov 19 '14 at 09:57
i'm redirecting from only active interface which is en0 on my mac. – Nonxnull Nov 19 '14 at 10:13
What do you need to redirect packets from your own machine for ? – drookie Nov 19 '14 at 10:16
I want to use squid interception proxy. – Nonxnull Nov 19 '14 at 10:35
Use `user` filter statement to let the proxy out of the loop. But the whole concept still seems weird. – drookie Nov 19 '14 at 12:08
i don't know that statement, how can i use it? – Nonxnull Nov 19 '14 at 13:34
it depends on the user your proxy is running under. like, for example, `pass out on $oiface inet proto tcp from $oip to any port 80 user squid` - try this as third rule. – drookie Nov 19 '14 at 13:42

Local transparent proxy OS X pf

1 Answers1