Hi, I have a question that seems simple, but I can't seem to get rdr working properly. Here is some info... I thought I followed along correctly from the PF FAQ, and I've also stared at rdr in Absolute OpenBSD, but it doesn't seem to work. Maybe it is just my testing method?

Side note: I have to use dyndns.org's port redirection (to cloak URLs) due to my ISP blocking requests to :80.

If I comment out the rdr, start apache on my firewall (apache listening on port 23 as well as 80), and make a request to http://my.domain.org:23/, it works. If I stop apache, enable the rdr line, and have apache running on 10.10.10.2:80, it doesn't work. From 10.10.10.11, I can get the webpage http://10.10.10.2:80/, but again can't get http://my.domain.org:23/. Would this be because I'm on the internal network to begin with? I'm sure this wouldn't be a problem, but thought I'd mention it.

And I'm not seeing anything on pflog0, so not sure where things are messing.

Any ideas/recommendations please? Or a suggestion on a better way I could think through or debug this too.

Thanks.

b.

int_if = "fxp1"
ext_if = "fxp0"
tcp_services = "{ 22, 23, 80 }"
icmp_types = "echoreq"
webserver="10.10.10.2"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 }"

set block-policy return
set loginterface $ext_if

scrub in all

nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 23 -> $webserver port 80

block log all
pass quick on lo0 all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
