Redirecting privileged ports to unprivileged ports on the same system with pf on FreeBSD

I needed to set up a daemon for a service that’s in the low 1024 ports reserved for root on FreeBSD. However, I didn’t want to run the service as root. Instead, I set up pf (the firewall in BSDs) to simply redirect the port.

If you haven’t already, make sure pf is enabled; check the handbook page for how to do that. In this case, it’s just a matter of running:

sysrc pf_enable=yes

The default location of /etc/pf.conf is fine.

I took this example from the manual page for pf.conf; I’m merely posting this for the sake of search engines. The following example is trivial; ext_if is a variable for the interface to perform the mangling for, 119 is the privileged port I wanted to redirect, and 1119 is the target port.

ext_if = "vtnet0"
rdr on $ext_if proto tcp from any to any port 119 -> 127.0.0.1 port 1119

Reload the pf rules, or start pf if you haven’t already. (Again, see the handbook. You’ll want to refer to it often.)
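A fuller /etc/pf.conf built around the rule above. This is an added example, not taken from the original post or from the pf.conf manual page. It assumes a default-deny filter policy: pf filters packets after translation, so the redirected connection needs a pass rule that matches the rewritten destination. The interface name and the two ports are the post's; the macro names, the block/pass rules and the SSH rule are assumptions.

```pf
# /etc/pf.conf: constructed example around the post's rdr rule.
# pf expects this order: macros, options, translation, filtering.

ext_if   = "vtnet0"   # interface from the post
pub_port = "119"      # privileged port that clients connect to
svc_port = "1119"     # unprivileged port the daemon binds on 127.0.0.1

# Options: leave loopback traffic unfiltered.
set skip on lo0

# Translation: the post's rule, written with the macros above.
rdr on $ext_if inet proto tcp from any to any port $pub_port \
        -> 127.0.0.1 port $svc_port

# Filtering: assumed default-deny inbound policy.
block in all
pass out all keep state

# Assumed management access so the default-deny does not cut off SSH.
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh

# Filter rules see the packet after rdr has rewritten it, so match
# 127.0.0.1:1119 here, not port 119.
pass in on $ext_if inet proto tcp from any to 127.0.0.1 port $svc_port

# Ports >= 1024 can be bound by any local user, so the daemon should be
# started at boot under its own account and hold 1119 before pf sends
# traffic to it.
#
# Check, load and inspect:
#   pfctl -nf /etc/pf.conf     parse only, nothing is loaded
#   pfctl -f /etc/pf.conf      load the ruleset
#   pfctl -s nat               list the active rdr rules
#   sockstat -4 -l -p 1119     confirm which process owns the listener
```

Because the daemon listens only on 127.0.0.1, port 1119 is not reachable directly from other hosts; only connections to port 119 on vtnet0 arrive at it.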
