pekka wrote:
Hi,
is there a way to shorten these redirection rules with some macros
server1 = 192.168.140.1
server2 = 192.168.140.2
server3 = 192.168.140.3
server4 = 192.168.140.4
rdp_port1 = 10001
rdp_port2 = 10002
rdp_port3 = 10003
rdp_port4 = 10004
pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port1 \
rdr-to $server1 port 3389
pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port2 \
rdr-to $server2 port 3389
pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port3 \
rdr-to $server3 port 3389
pass in log on $ext_if proto tcp from any to $ext_if port $rdp_port4 \
rdr-to $server4 port 3389
The port number is always server number + 1
The manual says port ranges are supported with:
pass in on tl0 proto tcp from any to any port 10001:10004 \
rdr-to 192.168.140.1 port 3389
but is there a way to use similar accemding ordering for servers
somehow like this:
pass in on tl0 proto tcp from any to any port 10001:10004 \
rdr-to 192.168.140.1:192.168.140.4 port 3389
-pekka-
I'm not aware of such functionality.
If it's not too much trouble I'd like to suggest using a script to generate
these rules, e.g.:
#!/bin/sh
start=10;
i=${start};
port=0;
server=192.168.0.;
nsrv=2;
while [ $i != $((nsrv+start)) ];
do
echo port $((port+i)) rdr-to ${server}${i};
i=$((i+1));
done
generates:
port 10 rdr-to 192.168.0.10
port 11 rdr-to 192.168.0.11
(I'll leave it to you to fill in the blanks)
If you redirect the output to a file, e.g. /etc/pf/rdp.rules, you can include
that in your main pf.conf.
