Hi there,
I have a very simple PF conf that doesn't seem to be working on a fresh
install of 4.2. I have 1 network adapter, pcn0 (10.0.0.124),
net.inet.ip.forwarding=1, pfctl -e
Rules:
int_if="pcn0"
rdr log (all) on $int_if inet proto tcp from any to any port 7000 -> 127.0.0.1 port 8000
rdr log (all) on $int_if inet proto tcp from any to any port 7001 -> 10.0.0.10 port 8001
pass all
Running:
nc -l 8000 (on openbsd box)
nc -l -p 8001 (on 10.0.0.10, debian box)
Results:
telnet 10.0.0.124 7000 => works just fine, talks to local netcat
telnet 10.0.0.124 7001 => nothing... just times out
Debug:
tcpdump -n -e -ttt -i pflog0
rule 0/(match) rdr in on pcn0: 10.0.0.165.2097 > 127.0.0.1.8000: [|tcp] (DF)
rule 0/(match) rdr out on pcn0: 10.0.0.124.7000 > 10.0.0.165.2097: [|tcp] (DF)
(etc... works fine)
rule 1/(match) rdr in on pcn0: 10.0.0.165.2098 > 10.0.0.10.8001: [|tcp] (DF)
rule 1/(match) rdr in on pcn0: 10.0.0.165.2098 > 10.0.0.10.8001: [|tcp] (DF)
(etc... no reply back)
I can telnet straight to 10.0.0.10 8001 from both the testing box (.165) and
the openbsd box, but as soon as there is the extra hop in the middle it all
stops working. tcpdump appears to say it's going out properly. Am I
missing something really really obvious??
Any help most appreciated, I'm really stumped by this!
Thanks, and apologies if it's a stupid question.
--Michael Adams
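Added example, not part of the post above: the symptom described (the redirect to
127.0.0.1 works, the redirect to 10.0.0.10 logs only "rdr in" and never a reply)
is the classic pf "reflection" case. The client (.165) and the rdr target
(10.0.0.10) sit on the same subnet, so 10.0.0.10 answers .165 directly with source
10.0.0.10:8001 instead of routing the reply back through the pf box; the client is
waiting for a reply from 10.0.0.124:7001 and drops it. The usual fix for a 4.2-era
ruleset is a nat rule that rewrites the source of the redirected connection to the
pf box's own address, so the server replies to the pf box and pf un-NATs both ends.
The ruleset below is an assumed reconstruction around the rules in the post
(`int_if`, the two rdr rules and `pass all` are from the post; the `server` macro
and the nat rule are the addition):

```pf
# Added example (not from the original post): pf.conf in OpenBSD 4.2 syntax
# with the source-NAT needed when the rdr target is on the same subnet as
# the clients that connect to the redirected port.
int_if="pcn0"
server="10.0.0.10"      # assumed macro for the rdr target in the post

# The two redirects exactly as posted.
rdr log (all) on $int_if inet proto tcp from any to any port 7000 \
    -> 127.0.0.1 port 8000
rdr log (all) on $int_if inet proto tcp from any to any port 7001 \
    -> $server port 8001

# Added: for connections that pf has redirected to $server:8001 and that
# come from the local subnet, rewrite the source to the pf box's address.
# $server then replies to 10.0.0.124, the reply re-enters pf on pcn0, and
# pf translates both the nat and the rdr back before it reaches the client.
# Without this, $server answers the client directly from 10.0.0.10:8001,
# which the client (expecting 10.0.0.124:7001) discards.
nat on $int_if inet proto tcp from $int_if:network to $server port 8001 \
    -> $int_if

pass all
```

Two things to keep in mind when applying this: reload with `pfctl -nf /etc/pf.conf`
first to syntax-check, and note that after the nat rule the Debian box will see every
redirected connection as coming from 10.0.0.124 rather than from the real client, so
anything on 10.0.0.10 that logs or filters by source address loses that information.
A quick confirmation of the diagnosis before changing anything is to run
`tcpdump -n -i eth0 port 8001` on the Debian box while telnetting to 10.0.0.124 7001:
the SYN arrives from 10.0.0.165, and the SYN-ACK is sent straight back to 10.0.0.165,
never to 10.0.0.124.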