On Friday 11 January 2008, Rodrique Heron wrote:
> On 1/10/08, Michal Varga <[EMAIL PROTECTED]> wrote:
> > On Thu, 2008-01-10 at 12:10 -0500, Rodrique Heron wrote:
> > > Thanks
> > >
> > > FreeBSD syntax for log all is "log-all", I have no block rules. I
> > > am passing everything with.
> > >
> > > pass in quick all
> > > pass out quick all
> >
> > ah, I think this may be another problem. Syntax for log (all) really
> > *was* log-all, in PF 3.7, that is approximately the version used in
> > FreeBSD 6.x. I somehow forgot about this from your first mail. As
> > FreeBSD 7 incorporates PF 3.9, things behave a little differently
> > here and there. anyway, can you show me the exact PF config you are
> > using now, one that you think should work and doesn't?
>
> Sorry for the duplicate, I forgot to CC the list.
>
> Both hosts are in the same broadcast domain, connected to the same
> switch.

Sounds like you are looking for some kind of reflection rather than just
redirection. If resources on the pf box are plenty and you don't mind
running network daemons on it, something like net/rinetd might do the
trick.

> INTERNET
>
>
> PIX Firewall
>
>
> SWITCH*---*HOSTA 192.168.2.14
> *
>
>
> *
> HOSTB 192.168.2.27
>
>
> ### /etc/pf.conf
> ext_if = "em0"
> int_if = "lo0"
>
> host_ip = " 192.168.2.14"
> jail_ip = "192.168.2.18"
> external_host = "192.168.2.27"
>
> rdr on $ext_if proto tcp from any to $host_ip port 22 -> $external_host port 22
> rdr on $ext_if proto tcp from any to $host_ip port 26 -> $jail_ip port 22
>
> pass in quick all
> pass out quick all

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
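The difference between redirection and reflection for the layout in this thread, as an added pf.conf example that is not part of any message above. It uses the same rdr/nat rule syntax as the posted config and assumes IP forwarding is enabled on HOSTA (`net.inet.ip.forwarding=1`), which the thread does not state.

```conf
# Added example, not from the thread. Addresses are the ones posted above.
# Assumption: net.inet.ip.forwarding=1 on HOSTA, so a redirected packet
# can leave em0 again towards HOSTB.
ext_if        = "em0"
host_ip       = "192.168.2.14"   # HOSTA, runs pf
jail_ip       = "192.168.2.18"   # jail local to HOSTA
external_host = "192.168.2.27"   # HOSTB, same switch as HOSTA

# Redirection only (as posted): the destination is rewritten, the source
# is kept. HOSTB then answers the client directly from 192.168.2.27, the
# reply never passes through pf on HOSTA, and the client drops a reply
# from an address it never contacted.
rdr on $ext_if proto tcp from any to $host_ip port 22 -> $external_host port 22

# Reflection: also rewrite the source when the packet leaves em0 for
# HOSTB. HOSTB now replies to HOSTA, and pf reverses both translations
# from its state table.
nat on $ext_if proto tcp from any to $external_host port 22 -> $host_ip

# The jail lives on HOSTA itself, so plain redirection is sufficient.
rdr on $ext_if proto tcp from any to $host_ip port 26 -> $jail_ip port 22

pass in quick all
pass out quick all

# Check before loading:  pfctl -nf /etc/pf.conf
# Inspect translations:  pfctl -s nat ; pfctl -s state
```

With the nat rule in place, HOSTB sees every redirected SSH session as coming from 192.168.2.14, so its sshd logs no longer carry the real client address; the pf state table or pflog on HOSTA is then the only place to recover it.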
