I'm attempting to create the following setup to no avail:
1) There are 3 machines in the testing setup: client, router, server.
2) The server is running apache2 on port 80 and has been verified to
work just fine.
3) The router has 3 interfaces, of which only 2 are set up: the external
interface is attached to the client, and the internal is attached to the
server.
4) The client should SSH into the router, and create tunnels using port
forwarding from local port 80 to port 80 on the router.
5) The router redirects port 80 on the external interface to port 80 on
the server.
6) The client should be able to connect to local port 80 and get to the
web server.
OK, so this doesn't work. The rdr rule works fine, such that if you access
port 80 on the router from the client (directly, with no tunnel), it
redirects you to the server. SSH works in that you can SSH into the
router. The tunnel however is refused. The initial redirect was as
follows:
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $web_srv
port 80
On a whim I modified it as follows:
rdr on {$ext_if, lo0} inet proto tcp from any to {($ext_if), 127.0.0.1}
port 80 -> $web_srv port 80
Now the tunnel is still refused, but it takes longer before that
happens. Looking at my port 80 on various interfaces with tcpdump, I
found nothing until I looked at lo0. Here I found packets going from an
ephemeral port (6877 for example) to port 80 on the $ext_if address.
I'm new to pf and ssh, so I'm not sure I understand what's going on.
Could someone please try and explain to me why this isn't working, and
how to make it work (if in fact it is possible to make this work)? From
what little I know, it seems like the ephemeral port is the endpoint of
the tunnel and it's attempting to send the traffic from the tunnel to
port 80. But why do I see this only on the loopback interface? And why
isn't the rdr picking it up?
Thanks in advance for any light you guys can shed on this.
Ed Lauman
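The following is an added example for the setup described in the post; it is not the original poster's configuration and the interface names, addresses and local port (em0, em1, 192.0.2.1, 10.0.0.2, 8080) are assumptions to be replaced. The point it illustrates: with ssh -L, the second host:port is what sshd on the router connects to after the tunnel is up. Naming the router's own address there makes that a locally originated connection, which is why it only appears on lo0 and never hits a rdr bound to $ext_if. Naming the web server directly sends the forwarded connection out the internal interface and needs no redirect at all, so the rdr rule can stay exactly as it was for untunnelled clients.

```shell
#!/bin/sh
# Added example, not from the original post. All names below are assumed.
EXT_IF=${EXT_IF:-em0}          # router interface facing the client
INT_IF=${INT_IF:-em1}          # router interface facing the server
ROUTER=${ROUTER:-192.0.2.1}    # $ext_if address the client connects to
WEB_SRV=${WEB_SRV:-10.0.0.2}   # web server behind $int_if
LPORT=${LPORT:-8080}           # unprivileged; binding 80 on the client needs root

# pf.conf fragment for the router. The rdr only has to handle connections
# that really arrive on $ext_if; tunnelled ones never do, because sshd on
# the router originates them. Filter rules see the translated destination.
pf_rules() {
    cat <<EOF
ext_if = "$EXT_IF"
int_if = "$INT_IF"
web_srv = "$WEB_SRV"
rdr on \$ext_if inet proto tcp from any to (\$ext_if) port 80 -> \$web_srv port 80
pass in on \$ext_if inet proto tcp from any to \$web_srv port 80 keep state
pass out on \$int_if inet proto tcp from any to \$web_srv port 80 keep state
EOF
}

# Client side: forward straight to the server. sshd on the router connects
# to WEB_SRV:80, so the packets leave on $int_if and bypass the rdr.
tunnel_cmd() {
    printf 'ssh -N -L %s:%s:80 %s' "$LPORT" "$WEB_SRV" "$ROUTER"
}

# The post's variant for comparison: the target is the router itself, so
# sshd's connection is local and shows up on lo0 only.
tunnel_cmd_via_router() {
    printf 'ssh -N -L %s:%s:80 %s' "$LPORT" "$ROUTER" "$ROUTER"
}

# Run on the router while retrying the tunnel: which interface the
# forwarded connection appears on, and whether any rdr rule or state matched.
router_checks() {
    cat <<EOF
tcpdump -ni lo0 tcp port 80
tcpdump -ni $INT_IF tcp port 80
pfctl -vsn
pfctl -ss
EOF
}

# Run on the client once the tunnel is up; expects an HTTP status line.
client_check() {
    printf 'curl -sI http://127.0.0.1:%s/ | head -1' "$LPORT"
}
```

Usage: paste the output of pf_rules into the router's pf.conf and reload with pfctl -f, then run the command printed by tunnel_cmd on the client and the one from client_check in a second shell. If the tunnel is still refused, the router_checks commands show whether the forwarded connection is leaving on the internal interface and whether pf is passing it; with ssh -v on the client, a "connect failed" message on the forwarded channel names the exact host:port sshd tried.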