On OpenBSD fire.sporkton.com 4.3 GENERIC#698 i386
I have this pf.conf config; it does not work for VNC:
ext_if="xl0"
lawrence="10.0.0.17"
rdr on $ext_if proto tcp from any to $ext_if port vncweb -> $lawrence port vncweb
rdr on $ext_if proto tcp from any to $ext_if port vnc -> $lawrence port vnc
pass in on $ext_if inet proto tcp from any to $ext_if port vncweb \
modulate state (max-src-conn-rate 3/30, overload <vnc-attack>)
pass in on $ext_if inet proto tcp from any to $ext_if port vnc \
modulate state (max-src-conn-rate 3/30, overload <vnc-attack>)
If I use the pass keyword instead in the rdr statement (as below), it
works fine.
rdr pass on $ext_if proto tcp from any to $ext_if port vnc -> $lawrence port vnc
Does anyone see something wrong with my pass statements?
Thanks
--
-Lawrence
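
Added example, not part of the original post: on OpenBSD 4.3, pf performs rdr translation before the filter rules are evaluated, so a pass rule sees the rewritten destination ($lawrence) rather than $ext_if. The table declaration and the block rule are assumptions about the rest of the ruleset; the macros and the port names vncweb and vnc are taken from the post.

```pf
# Added example (not the poster's config). Macros as in the post.
ext_if="xl0"
lawrence="10.0.0.17"

# Assumption: declare the overload table explicitly so it persists and
# can be inspected with: pfctl -t vnc-attack -T show
table <vnc-attack> persist

# Translation runs first: the destination address is rewritten to
# $lawrence before any filter rule is evaluated.
rdr on $ext_if proto tcp from any to $ext_if port vncweb -> $lawrence port vncweb
rdr on $ext_if proto tcp from any to $ext_if port vnc -> $lawrence port vnc

# Assumption: sources that tripped the rate limit are dropped early.
# Without a rule that uses the table, overload only records addresses.
block in quick on $ext_if from <vnc-attack>

# Filter rules match the packet as it looks after rdr, so the
# destination here is $lawrence, not $ext_if.
pass in on $ext_if inet proto tcp from any to $lawrence port vncweb \
    modulate state (max-src-conn-rate 3/30, overload <vnc-attack>)
pass in on $ext_if inet proto tcp from any to $lawrence port vnc \
    modulate state (max-src-conn-rate 3/30, overload <vnc-attack>)
```

With "rdr pass" the translated packet bypasses the filter rules entirely, which is why that form works but also why the max-src-conn-rate limit and the overload table are never applied to it.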