On 05/02/14 05:34, Indunil Jayasooriya wrote:
Dear ALL,
I want to do ssh to an internal webserver from the outside world. ssh port
22 is running on that web server.
SSH port 22 is also running on my OpenBSD 5.4 (32 bit) firewall, to which I
do ssh from the outside world.
So I want to add a rule to access the internal webserver.
So I decided to forward port 2222 of the pf box to port 22 of the internal
webserver.
So I added rules like these. I still can't access.
pass in log on $wan_if inet proto tcp from any to $wan_if port 2222 \
rdr-to $webserver port 22
pass out log on $int_if inet proto tcp from any to $webserver port 22
modulate state
But, I can't access
Why?
Not sure but what does:
sysctl net.inet.ip.forwarding
show? And if you are using IPv6:
sysctl net.inet6.ip6.forwarding
What does pfctl -sr show?
Using:
match in on $wan_if proto tcp to ($wan_if) port 2222 rdr-to \
$webserver port ssh
and
pass in on $wan_if proto tcp to ($wan_if) port 2222 flags S/SA synproxy
state
work for me on:
OpenBSD atom.crowsons.com 5.4 GENERIC.MP#44 i386
If the above does not help, run tcpdump on both interfaces and see what
is / is not being passed...
hth
Fred
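A checklist script for the port-forward setup discussed in this thread, added here as an example and not part of either post. It turns the three things Fred points at (the forwarding sysctl, a rdr-to rule for the WAN port in the loaded ruleset, and a pass rule for that port) into a function that can be fed constructed `pfctl -sr` output; the function names and the sample rule lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical helper names.
#
# Pure decision logic so it can be exercised with constructed input:
#   $1 = value of net.inet.ip.forwarding
#   $2 = text of `pfctl -sr` (which prints ports as "port = N")
#   $3 = the WAN port being redirected (2222 in the thread)
# Prints one line per missing prerequisite; returns 0 only if all are present.
check_rdr_prereqs() {
  fwd=$1; rules=$2; port=$3; rc=0
  if [ "$fwd" != "1" ]; then
    echo "net.inet.ip.forwarding is '$fwd'; set it to 1 (e.g. in /etc/sysctl.conf),"
    echo "otherwise redirected packets are never forwarded to the inside host"
    rc=1
  fi
  if ! printf '%s\n' "$rules" | grep -q "port = $port .*rdr-to"; then
    echo "no rdr-to rule for port $port in the loaded ruleset (pfctl -sr)"
    rc=1
  fi
  if ! printf '%s\n' "$rules" | grep -q "^pass in .*port = $port"; then
    echo "no 'pass in' rule for port $port; a match rule alone passes nothing"
    rc=1
  fi
  return $rc
}

# Live check on an OpenBSD box (needs root for pfctl). Argument: WAN port.
live_check() {
  fwd=$(sysctl -n net.inet.ip.forwarding 2>/dev/null || echo unknown)
  rules=$(pfctl -sr 2>/dev/null)
  check_rdr_prereqs "$fwd" "$rules" "${1:-2222}"
}
```

Run `live_check 2222` on the firewall; a silent exit status 0 means the three prerequisites are in place and the next step is Fred's tcpdump on both interfaces.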