Hi.  I've installed OpenBSD 3.1 for the first time and am trying to get a firewall up 
and running.

I had no problems setting OpenBSD up the way I want it (via FTP) and everything 
appears to be working properly except for redirecting incoming requests through pf.  
The packets don't seem to go through.  Client workstations on the Internal LAN can use 
the OpenBSD gateway to connect to the Internet, but nothing from the Internet can 
connect to the Internal webserver.

'tcpdump -i pflog0' doesn't display anything coming through, both when I try accessing 
the webserver through the gateway from an internal LAN machine as well as an external 
machine from the Internet.

I am 100% sure that my ISP has not blocked port 80 because I can serve web pages 
through port 80 using a hardware gateway or with the webserver connected directly to 
the Internet.

I've searched the OpenBSD mail list archives, pf mail list archives and the Internet 
in general for help on this and there are several people that seem to have this 
problem, but I have yet to find a solid solution to it.

Can anyone offer any help?

Thanks!

Ben

Here's the background as to what I've done:

Internet <--> OpenBSD gateway <--> Internal LAN
          xl0                  xl1
    142.179.111.111      192.168.1.111

Internal LAN contains client workstations and a webserver (192.168.1.112)

- Installed generic OpenBSD 3.1
- Two network cards:
xl0 = External ADSL (142.179.111.111 - assigned via DHCP)
xl1 = Internal LAN (192.168.1.111)
tested both connections to be active and "ping"-able
- /etc/rc.conf:
portmap=NO
inetd=NO
ntpd=YES
pf=YES
basically closed all ports but SSH
- applied all patches from OpenBSD.org but kept generic kernel
- /etc/sysctl.conf:
net.inet.ip.forwarding=1
vm.swapencrypt.enable=1
- /etc/pf.conf:
pass in all
pass out all
- /etc/nat.conf
nat on xl0 from 192.168.1.0/24 to any -> xl0
rdr on xl0 proto tcp from any to 142.179.111.111 port 80 -> 192.168.1.112 port 80

(192.168.1.112 is webserver)
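As an added example, not part of Ben's post, here is the same two-file OpenBSD 3.1 setup (/etc/nat.conf for translation, /etc/pf.conf for filtering) with the checks a practitioner would want while debugging an rdr. It keeps the addresses from the post and assumes the interface names and LAN layout above; the filter rules are tightened from "pass in all" to a default-deny set that logs what it passes for port 80.

```pf
# /etc/nat.conf  (OpenBSD 3.1 keeps translation rules in their own file)
# Outbound NAT for the LAN, as in the post.
nat on xl0 from 192.168.1.0/24 to any -> xl0

# Inbound redirect for the webserver. 142.179.111.111 is the DHCP-assigned
# external address from the post; if the lease changes, this literal must
# change with it, or the rule silently stops matching.
rdr on xl0 proto tcp from any to 142.179.111.111 port 80 -> 192.168.1.112 port 80

# /etc/pf.conf  (filter rules; evaluated AFTER rdr has rewritten the
# destination, so they must pass traffic to 192.168.1.112, not to the
# public address)
# Default deny, logged, so blocked packets show up on pflog0 instead of
# vanishing.
block in log all

# Internal LAN may go anywhere through the gateway.
pass in on xl1 from 192.168.1.0/24 to any keep state

# Redirected web traffic. "log" is what makes the packet appear on
# pflog0: a plain "pass in all" has no log keyword, so tcpdump -i pflog0
# shows nothing even when the rule is matching.
pass in log on xl0 proto tcp from any to 192.168.1.112 port 80 flags S/SA keep state

pass out all keep state
```

Two things worth checking once these are loaded: `pfctl -s nat` and `pfctl -s rules` print the translation and filter rules the kernel is actually using, and `pfctl -s state` shows whether a connection to port 80 is creating state (if it is, the rdr is matching and the problem is downstream, for example a webserver default gateway that is not 192.168.1.111). `tcpdump -n -e -ttt -i pflog0` then prints the rule number and action for every logged packet. Note also that `rdr on xl0` only sees packets arriving on xl0: an internal LAN client connecting to the public address enters on xl1, so that test will fail even when the external path works, and needs a separate rdr (and nat) on xl1 if it is required.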