On 2012-05-02 21:56:39 -0300, Leonardo M. Rami wrote:
> On 2012-05-02 23:27:44 +0200, Claudio Jeker wrote:
> > On Wed, May 02, 2012 at 03:26:20PM -0300, Leonardo M. Rami wrote:
> > > Hi, I've posted this to ServerFault.com, and I got an answer, but the
> > > solution works only in part.
> > > 
> > > This is my /etc/pf.conf
> > > 
> > > set skip on lo
> > > pass in log on em0 proto tcp from any to any port 104 rdr-to 192.65.214.131
> > > pass out on vic0 from em0:network to any nat-to vic0
> > > 
> > > I have two nics:
> > > 
> > > vic0 192.65.214.136
> > > em0 192.168.200.3
> > > 
> > > What I want to do is to forward all packets coming into 192.168.200.3
> > > port 104 to 192.65.214.131 port 104.
> > > 
> > > The above configuration works perfectly if the sender interface is in
> > > the network 192.168.200.x, but I also must allow packets coming from
> > > other networks, like 192.168.7.x, for example.
> > > 
> > > How can I enable them?
> > > 
> > 
> > With these redir rules redirection should just work but only in the case
> > where the reverse traffic is also hitting the FW. If that is not the case
> > I normally tag the inbound traffic and use a tagged foobar nat-to ($out_if)
> > statement to not only redir but also nat the traffic. With that I can
> > ensure that the return traffic is flowing through the FW.
> > 
> 
> Thanks Claudio, could you give an example?
> 

Well I don't know why this didn't work, but suddenly, after fiddling
with tcpdump it started to work as I expected.

This is my new /etc/pf.conf:
-------------
ext_if = "em0"
int_if = "em1"
set skip on lo

pass in on $ext_if proto tcp from any to any port 104 rdr-to 192.65.214.131
pass out on $int_if from $ext_if:network to any nat-to $int_if

block in on ! lo0 proto tcp to port 6000:6010
-------------

My interfaces are as this:

# cat /etc/hostname.em0
inet 192.168.200.3 255.255.255.0 NONE
inet alias 192.168.7.3 255.255.255.0
# cat /etc/hostname.em1
inet 192.65.214.136 255.255.255.0 NONE


-- 
Leonardo M. Rami
Medical IT - Griensu S.A.
Av. Colón 636 - Piso 8 Of. A
X5000EPT -- Córdoba
Tel.: +54(351)4246924 +54(351)4247788 +54(351)4247979 int. 19
Cel.: +54(351)156629292
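
The tag-and-NAT approach Claudio describes earlier in the thread, written out as an added example (not posted by anyone in the thread). It reuses the interface macros and addresses from the final pf.conf above; the `target` macro and the tag name FWD104 are assumptions chosen for illustration.

```pf
# Added example: tag on the way in, source-NAT on the way out.
ext_if = "em0"              # receives the port 104 connections (192.168.200.3, alias 192.168.7.3)
int_if = "em1"              # faces the target host (192.65.214.136)
target = "192.65.214.131"   # macro name is an assumption; the address is from the thread

set skip on lo

# Redirect inbound port 104 to the target and tag the packets of that connection.
pass in on $ext_if proto tcp from any to any port 104 rdr-to $target tag FWD104

# NAT is keyed on the tag instead of "from $ext_if:network", so it applies to
# redirected connections from any source network, directly attached or routed.
# Rewriting the source to the firewall's own address makes the target reply to
# the firewall, so the return traffic flows back through pf and is translated back.
pass out on $int_if tagged FWD104 nat-to ($int_if)

block in on ! lo0 proto tcp to port 6000:6010
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -ss` shows the resulting states once traffic flows.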
