On Thursday 08 October 2009 00:47:09 Andres Salazar wrote:
> Hello guys,
> 
> I have the following rules. I am trying to put the IP of the PF box
> into the browser and have it get the page that's on 208.99.249.95.
> 
> When I do that the connection just hangs and doesn't give me any content.
> 
> cat /etc/pf.conf
> ## Macros
> ## TABLES
> ## GLOBAL OPTIONS
> ## TRAFFIC NORMALIZATION
> ## QUEUEING RULES
> ## TRANSLATION RULES (NAT)
> rdr pass on re0 proto tcp from any to any port 80 -> 208.99.249.95
> ## FILTER RULES
> pass in log all keep state
> pass out log all keep state
> 
> # cat /etc/sysctl.conf
> net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
> net.inet.ip.mforwarding=1       # 1=Permit forwarding (routing) of IPv4 multicast packets
> 
> 
> pflog says:
> 
> 
> Oct 08 00:44:27.605603 rule 0/(match) rdr in on re0: my.ip.here.50755 > 208.99.249.95.80: S 6447955:6447955(0) win 5840 <mss 1460,sackOK,timestamp 8290643[|tcp]> (DF)
> Oct 08 00:44:27.605612 rule 1/(match) pass out on re0: my.ip.here.50755 > 208.99.249.95.80: S 6447955:6447955(0) win 5840 <mss 1460,sackOK,timestamp 8290643[|tcp]> (DF)
> 
> Thanks for the help.
> 
> Andres
> 
Probably what you want might be something like this in pf.conf:
match in on $int_if proto tcp from any to ($ext_if) port www rdr-to 127.0.0.1 port 5000
and in inetd.conf:
127.0.0.1:5000  stream  tcp     nowait  nobody  /usr/bin/nc     nc -w 20 my.internal.gateway.ip.here 80

I believe this was somewhere in the PF FAQ, not exactly sure. You should start 
inetd, of course.

If I'm right you wanna see what your home-hosted httpd is doing on the outside 
interface using your dyndns FQDN from the internal network or similar. Actually 
there are changes in pf so you might want to specify your version.

Regards,
Dorian
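
A check over the pflog output quoted above, as an added example that is not part of either poster's message: it flags a connection that rdr rewrote on the way in and that then left on the same interface with the client's source address unchanged. In that case the web server sees the client's own address and, assuming its return route does not pass back through the PF box, answers the client directly rather than through the redirect. The regex covers only the log format shown in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the two pflog lines from the post, each joined onto one line.
SAMPLE = """\
Oct 08 00:44:27.605603 rule 0/(match) rdr in on re0: my.ip.here.50755 > 208.99.249.95.80: S 6447955:6447955(0) win 5840 <mss 1460,sackOK,timestamp 8290643[|tcp]> (DF)
Oct 08 00:44:27.605612 rule 1/(match) pass out on re0: my.ip.here.50755 > 208.99.249.95.80: S 6447955:6447955(0) win 5840 <mss 1460,sackOK,timestamp 8290643[|tcp]> (DF)
"""

# action, direction, interface, then "src.port > dst.port:" as printed in the log
LINE = re.compile(
    r"rule \S+ (?P<action>rdr|nat|pass|block) (?P<dir>in|out) on (?P<ifc>\S+): "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
)

def parse(log):
    """Yield one dict per log line that matches the format shown in the post."""
    for line in log.splitlines():
        m = LINE.search(line)
        if m:
            yield m.groupdict()

def hairpin_redirects(log):
    """Return flows redirected in and passed out on the same interface
    while still carrying the client's original source address."""
    redirected = {}   # flow tuple -> interface the rdr matched on
    findings = []
    for e in parse(log):
        # The source is part of the key, so a later match means it was not translated.
        flow = (e["src"], e["sport"], e["dst"], e["dport"])
        if e["action"] == "rdr" and e["dir"] == "in":
            redirected[flow] = e["ifc"]
        elif (e["action"] == "pass" and e["dir"] == "out"
              and redirected.get(flow) == e["ifc"]):
            findings.append({"ifc": e["ifc"], "client": e["src"],
                             "server": f'{e["dst"]}:{e["dport"]}'})
    return findings

if __name__ == "__main__":
    for f in hairpin_redirects(SAMPLE):
        print(f"{f['client']} -> {f['server']} redirected in and out on {f['ifc']} "
              "with source untranslated")
```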
