On Thu, Jan 10, 2008 at 09:37:49PM -0500, Rodrique Heron wrote:
> On 1/10/08, Michal Varga <[EMAIL PROTECTED]> wrote:
> >
> > On Thu, 2008-01-10 at 12:10 -0500, Rodrique Heron wrote:
> > >
> > > > Thanks
> > >
> > > FreeBSD syntax for log all is "log-all", I have no block rules. I am
> > > passing everything with.
> > >
> > > pass in quick all
> > > pass out quick all
> > >
> > ah, I think this may be another problem. Syntax for log (all) really
> > *was* log-all, in PF 3.7, that is approximately the version used in
> > FreeBSD 6.x. I somehow forgot about this from your first mail. As
> > FreeBSD 7 incorporates PF 3.9, things behave a little differently here
> > and there. anyway, can you show me the exact PF config you are using
> > now, one that you think should work and doesn't?
> >
>
> Sorry for the duplicate, I forgot to CC the list.
>
> Both hosts are in the same broadcast domain, connected to the same switch.
>
> INTERNET
>     |
>     |
> PIX Firewall
>     |
>     |
> SWITCH*---*HOSTA 192.168.2.14
>   *
>   |
>   |
>   *
> HOSTB 192.168.2.27
>
>
> ### /etc/pf.conf
> ext_if = "em0"
> int_if = "lo0"
>
> host_ip = "192.168.2.14"
> jail_ip = "192.168.2.18"
> external_host = "192.168.2.27"
>
> rdr on $ext_if proto tcp from any to $host_ip port 22 -> $external_host port 22
> rdr on $ext_if proto tcp from any to $host_ip port 26 -> $jail_ip port 22
>
> pass in quick all
> pass out quick all

try this:

rdr pass proto tcp from any to $host_ip port ssh tag A -> $external_host
nat pass all tagged A -> $host_ip

/swp
