tcpdump on pflog will probably help (see the FAQ)

2010/9/2 Timothy Beyer <[email protected]>
> Hello,
>
> I'm having trouble setting up a redirect rule and I'm not sure where I'm going
> wrong. My redirect line and filter rules look like:
>
> rdr on $ext_nic proto tcp from any to 38.xxx.xxx.213 -> 192.168.1.227
> pass in on $ext_nic proto tcp from any to 192.168.1.227 port ssh queue ssh
> pass in on $ext_nic proto tcp from any to 192.168.1.227 port www queue www
>
> The output of 'pfctl -s nat' is:
>
> nat on fxp0 inet from 192.168.1.0/24 to any -> 38.xxx.xxx.206
> nat on fxp0 inet from 192.168.2.0/24 to any -> 38.xxx.xxx.207
> nat on fxp0 inet from 192.168.3.0/24 to any -> 38.xxx.xxx.208
> nat on dc3 inet from 192.168.1.0/24 to any -> 192.168.10.156
> nat on fxp0 inet from 192.168.10.15 to any -> 38.xxx.xxx.206
> rdr on fxp0 inet proto tcp from any to 38.xxx.xxx.209 -> 192.168.1.16
> rdr on fxp0 inet proto tcp from any to 38.xxx.xxx.210 -> 192.168.1.21
> rdr on fxp0 inet proto tcp from any to 38.xxx.xxx.212 -> 192.168.1.12
> rdr on fxp0 inet proto tcp from any to 38.xxx.xxx.211 -> 192.168.1.24
> rdr on fxp0 inet proto tcp from any to 38.xxx.xxx.213 -> 192.168.1.227
>
> All of the other redirects are working. I see my filter rule in the output
> from 'pfctl -s rules' but I can't connect via ssh from an external network
> after reloading pf.conf. Any insight would be very much appreciated. I've
> posted my full conf at http://pastebin.com/TZa0WzE0 if needed.
>
> Thanks,
>
> Tim
>
> --
> No doubt it is one of the functions of art to replace religious faith by the
> effective ingredient of beauty. At least beauty must have the power of a poem,
> that is to say of a crime.
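A small consistency check for the kind of rdr/pass mismatch discussed in this thread, added here as an illustration and not part of the original exchange. It parses `pfctl -s nat` and `pfctl -s rules` style output and reports, for each rdr, whether a `pass in` rule exists for the translated (internal) address on the same interface and port, and whether any pass rule still refers to the pre-translation external address (with rdr, the filter stage sees the translated address, which is what the FAQ-style debugging with tcpdump on pflog would also reveal). The rule text below is constructed sample input using documentation addresses (203.0.113.0/24), not the poster's configuration; the function and regex names are this example's own.

```python
"""Check that every rdr rule has a matching 'pass in' filter rule for its
translated destination.  Added example; input is constructed, not from the
thread.  Expects macro-expanded text as printed by pfctl, but also tolerates
the pf.conf spelling ("port ssh" as well as "port = ssh")."""
import re

# rdr on IFACE [inet] proto PROTO from X to EXT [port [=] P] -> INT [port [=] P]
RDR_RE = re.compile(
    r"^rdr on (?P<iface>\S+) (?:inet6? )?proto (?P<proto>\S+) from \S+ "
    r"to (?P<ext>\S+)(?: port (?:= )?(?P<extport>\S+))? -> "
    r"(?P<int>\S+)(?: port (?:= )?(?P<intport>\S+))?"
)
# pass in on IFACE [inet] proto PROTO from X to DST [port [=] P] ...
PASS_RE = re.compile(
    r"^pass in on (?P<iface>\S+) (?:inet6? )?proto (?P<proto>\S+) from \S+ "
    r"to (?P<dst>\S+)(?: port (?:= )?(?P<port>\S+))?"
)


def parse_rdr(nat_dump):
    """Return the rdr rules (as dicts) found in 'pfctl -s nat' output."""
    return [m.groupdict() for m in
            (RDR_RE.match(l.strip()) for l in nat_dump.splitlines()) if m]


def parse_pass_in(rules_dump):
    """Return the 'pass in' rules (as dicts) found in 'pfctl -s rules' output."""
    return [m.groupdict() for m in
            (PASS_RE.match(l.strip()) for l in rules_dump.splitlines()) if m]


def check_rdr_coverage(nat_dump, rules_dump):
    """Map each rdr's external address to a list of findings (empty = looks fine)."""
    passes = parse_pass_in(rules_dump)
    report = {}
    for r in parse_rdr(nat_dump):
        issues = []
        # The filter must match the *translated* address, so look for that.
        matching = [p for p in passes
                    if p["dst"] == r["int"] and p["proto"] == r["proto"]]
        if not matching:
            issues.append("no 'pass in' rule for translated address %s/%s"
                          % (r["int"], r["proto"]))
        for p in matching:
            if p["iface"] != r["iface"]:
                issues.append("pass rule for %s is on %s, rdr is on %s"
                              % (r["int"], p["iface"], r["iface"]))
        # A port-specific rdr needs a pass rule on that port (or one with no port).
        if r["intport"] and matching and not any(
                p["port"] in (None, r["intport"]) for p in matching):
            issues.append("no pass rule for translated port %s" % r["intport"])
        # Pass rules written against the external address never match after rdr.
        for p in passes:
            if p["dst"] == r["ext"]:
                issues.append("pass rule matches pre-translation address %s; "
                              "after rdr the filter sees %s" % (r["ext"], r["int"]))
        report[r["ext"]] = issues
    return report


# Constructed sample in pfctl's expanded output style (not the poster's config).
NAT_DUMP = """
nat on fxp0 inet from 192.168.1.0/24 to any -> 203.0.113.6
rdr on fxp0 inet proto tcp from any to 203.0.113.9 -> 192.168.1.16
rdr on fxp0 inet proto tcp from any to 203.0.113.13 -> 192.168.1.227
rdr on fxp0 inet proto tcp from any to 203.0.113.14 port = 80 -> 192.168.1.30 port = 8080
"""
RULES_DUMP = """
pass in on fxp0 inet proto tcp from any to 192.168.1.16 port = ssh
pass in on fxp0 inet proto tcp from any to 192.168.1.227 port = ssh queue ssh
pass in on fxp0 inet proto tcp from any to 192.168.1.227 port = www queue www
pass in on fxp0 inet proto tcp from any to 203.0.113.14 port = 80
"""

if __name__ == "__main__":
    for ext, issues in check_rdr_coverage(NAT_DUMP, RULES_DUMP).items():
        print(ext, "->", "; ".join(issues) or "ok")
```

Running it on the sample flags only the third rdr: its translated address 192.168.1.30 has no pass rule, and the existing pass rule names the external address, which the filter never sees once rdr has rewritten the packet. Port names (ssh, www) are compared as strings, so a rule dump mixing names and numbers should be normalised first.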

