Redirect Port in pf.conf

Other team need to access absence url from outside, system need to be setup not more than 10 minutes.

How to reach lan from public access and lock it to specified public ip address only ?

Using redirection is the fastest solution.

For illustration :

We have 3 computer, A, B and C. Each computer has specification.

Computer A, has ip address :

Public :

Computer B, has ip address :

Public :

Local :

Computer C, has ip address :

Local : ( where absence script, apache etc reside)

Objective :

User type address, and they will get same page as they were access from lan.

Preparation :

Login to computer B via putty and open pf.conf using ee or another editor.

#ee pf.conf

Snippet of pf.conf for that purpose (redirection) :


#specify interface

EXT = "fxp0"
INT = "em0"

#variable declaration

LAN_clients = ""

TCP_OPTIONS = "flags S/SAFRUP keep state"

set loginterface $EXT
scrub in on $EXT all

rdr on $EXT proto tcp from $ip_public to $ip_hosting port 8081 -> $ip_lan port 80


save the file.

Stop pf (pfctl -d)

Enable pf again (pfctl -e -f /etc/pf.conf)


Why I still can’t see the page?

Well, perhaps in computer C you have to set route for lan access to computer B.

just delete existing route will do that magic :-)

#route delete default

#route add default

Common problem that I see when I try this method is forget to check the route :-)


Just ask user to test, good luck.

Happy redirecting 😉