Security Testing: Issues with Traffic Forwarding and Firewall Rules


I am currently conducting some security testing within my network and have encountered a challenge…
Here is a brief overview of my setup and the problem:

Attacker Machine: MacOS with IP address
Target Machine: IP address
On the attacker machine, I have configured port forwarding and created a redirect rule intended for use
with the tool sslsplit. The configurations are as follows:
sysctl net.inet.ip.forwarding=1

rdr pass on en0 inet proto tcp from any to any port 443 → port 8443
rdr pass on en0 inet proto tcp from any to any port 80 → port 8080

When I disable the pf.conf rules, arp spoofing functions perfectly.
However, upon enabling the pf.conf rules, the target machine loses internet connectivity.

Although the forwarding to ports 8443 and 8080 appears to be operational, when examining the firewall rules,
I encounter messages indicating “DROP_CTINVALID.”

I am concerned that ipfire might be blocking the traffic…
Specifically, I’m trying to figure out why, with the firewall rules enabled on my MacOS (pf.conf),
the traffic does not seem to forward back to the target machine properly.

Could you provide guidance on how to analyze this traffic and determine the underlying issue with the forwarding
and firewall configurations?

Thank you for your assistance.

How IPFire is involved in this?

1 Like

ok i understand i try to figure out

I do not understand, sorry.
May I guess that you’re not actually talking about a IpFire installation?

it’s not about the ipfire installation… i’m just testing the security of my network

You may find this informative.