I guess you have to open up the (incoming) ports you want to redirect, instead
of blocking them.
good luck
-Stef
Quoting Eric <[EMAIL PROTECTED]>:
> Hello All,
>
> I have set up a PF on an OpenBSD 3.3 box, the NAT and
> binat is working fine. But I can't redirect the
> traffic to the local server. I did this before when I
> used OpenBSD 3.0. Here is the pf.conf file:
>
> ********pf.conf***********
>
> # macros
> int_if = "fxp1"
> ext_if = "fxp0"
> tcp_services = "{ 21, 25, 80, 1723 }"
> priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
>
> # options
> #set loginterface $ext_if
>
> # scrub
> scrub in all
>
> # nat/rdr
> nat on $ext_if from $int_if:network to any -> ($ext_if)
> binat on $ext_if from 10.0.0.3 to any -> 123.123.123.123
> binat on $ext_if from 10.0.0.4 to any -> 234.234.234.234
> rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> rdr on $ext_if proto tcp from any to 123.123.123.123 port 80 -> \
>     10.0.0.3 port 80
> rdr on $ext_if proto tcp from any to 123.123.123.123 port 80 -> \
>     10.0.0.3 port 21
> rdr on $ext_if proto tcp from any to 123.123.123.123 port 80 -> \
>     10.0.0.3 port 25
> rdr on $ext_if proto tcp from any to 234.234.234.234 port 1723 -> \
>     10.0.0.4 port 1723
> rdr on $ext_if proto 47 from any to 234.234.234.234 -> 10.0.0.4
>
> # filter rules
> block all
> block in on $ext_if all
> pass quick on lo0 all
>
> # active spoofing protection for the internal interface
> #antispoof quick for $int_if
>
> block drop in quick on $ext_if from $priv_nets to any
> block drop out quick on $ext_if from any to $priv_nets
> pass in on $ext_if inet proto tcp from any to ($ext_if) \
>     port $tcp_services flags S/SA keep state
> pass in on $ext_if inet proto 47 from any to 234.234.234.234 keep state
> pass in on $int_if from $int_if:network to any keep state
> pass out on $int_if from any to $int_if:network keep state
> pass out on $ext_if proto tcp all modulate state flags S/SA
> pass out on $ext_if proto { udp, icmp } all keep state
> pass out on $ext_if proto 47 all keep state
>
> Is there any idea that can help?
>
> Thanks
>
> Eric
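
An added example, not part of either message above: pf applies rdr and binat translation before it evaluates the filter rules, so on the way in the filter sees the rewritten destination (10.0.0.3 or 10.0.0.4), and a pass rule written `to ($ext_if)` or `to 234.234.234.234` no longer matches. The fragment reuses the interface macros and addresses from the quoted pf.conf and assumes both internal hosts sit inside `$int_if:network`.

```pf
# Added example: filter rules that match the address AFTER translation.
# Interface macros and addresses are taken from the quoted pf.conf.

# Default deny, as in the original.
block all

# As posted, these match the pre-translation destination and therefore
# never match redirected traffic:
#   pass in on $ext_if inet proto tcp from any to ($ext_if) \
#       port $tcp_services flags S/SA keep state
#   pass in on $ext_if inet proto 47 from any to 234.234.234.234 keep state

# Inbound on the external interface: destination is already the
# internal server, so name it explicitly and list only the ports
# that server should expose.
pass in on $ext_if inet proto tcp from any to 10.0.0.3 \
    port { 21, 25, 80 } flags S/SA keep state
pass in on $ext_if inet proto tcp from any to 10.0.0.4 \
    port 1723 flags S/SA keep state
pass in on $ext_if inet proto 47 from any to 10.0.0.4 keep state

# Second leg: the same packet leaves on the internal interface.
# The original rule already covers this, provided 10.0.0.3 and
# 10.0.0.4 are inside $int_if:network (assumption).
pass out on $int_if from any to $int_if:network keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it; after loading, `pfctl -sn` lists the active translation rules and `pfctl -ss` shows whether a state entry is created when an outside client connects.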