Re: rdr over ip alias

2006-07-26 Thread mnothic

On 7/25/06, Darrin Chandler <[EMAIL PROTECTED]> wrote:

> On Tue, Jul 25, 2006 at 04:52:49PM -0400, mnothic wrote:
> > yea but it doesn't work for me on OpenBSD 3.9 with 2 NICs, WAN and LAN
> >
> > I have NAT on the primary IP and "rdr ... to $alias_whit_second_public_ip
> > port 80 -> $prv_machine"
> > but the traffic doesn't work, and without the alias the same rule works.
> >
> > works
> > rdr pass on $ext_if proto tcp from any to $ext_if port 80 -> $web_server port 80
> >
> > doesn't work
> > rdr pass on $ext_if proto tcp from any to $alias port 80 -> $web_server port 80
>
> Remember that unlike filtering rules, nat/rdr use the first match
> instead of the last. Does something above your "$alias port 80 ->" rule
> also match? Perhaps something with ($ext_if)?

mmm, only NAT. See the nat rule set:

nat on $ext_if from $internal_net -> $ext_if:0

rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

rdr pass on $ext_if proto tcp from any to $ext_addr port 35256 -> $alter_int

rdr pass on $ext_if proto tcp from any to $ext_if port www -> 192.168.0.9 port www

the problem exists when the NIC has an alias


> --
> Darrin Chandler            |  Phoenix BSD Users Group
> [EMAIL PROTECTED]          |  http://bsd.phoenix.az.us/
> http://www.stilyagin.com/  |




--
Jorge "mandatory" Medina.


Re: rdr over ip alias

2006-07-25 Thread J. Buck Caldwell



> yea but it doesn't work for me on OpenBSD 3.9 with 2 NICs, WAN and LAN
>
> I have NAT on the primary IP and "rdr ... to $alias_whit_second_public_ip
> port 80 -> $prv_machine"
> but the traffic doesn't work, and without the alias the same rule works.
>
> works
> rdr pass on $ext_if proto tcp from any to $ext_if port 80 -> $web_server port 80
>
> doesn't work
> rdr pass on $ext_if proto tcp from any to $alias port 80 -> $web_server port 80


Huh. This works perfectly fine for me on FreeBSD with pf. I've got it on
a couple of machines, and no problems yet:


rdr pass on $ext_if proto tcp from any to alias.domain.org -> 192.168.17.26

Granted - I'm not using a variable for the alias address, I've got the 
actual hostname in there, and I'm redirecting all traffic, not just port 
80, but it /should/ work the same...




Re: rdr over ip alias

2006-07-25 Thread Darrin Chandler
On Tue, Jul 25, 2006 at 04:52:49PM -0400, mnothic wrote:
> yea but it doesn't work for me on OpenBSD 3.9 with 2 NICs, WAN and LAN
>
> I have NAT on the primary IP and "rdr ... to $alias_whit_second_public_ip
> port 80 -> $prv_machine"
> but the traffic doesn't work, and without the alias the same rule works.
>
> works
> rdr pass on $ext_if proto tcp from any to $ext_if port 80 -> $web_server port 80
>
> doesn't work
> rdr pass on $ext_if proto tcp from any to $alias port 80 -> $web_server port 80

Remember that unlike filtering rules, nat/rdr use the first match
instead of the last. Does something above your "$alias port 80 ->" rule
also match? Perhaps something with ($ext_if)?

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
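
Added example (not part of the original thread): a small Python model of the first-match behaviour described above, showing how an earlier rdr rule whose destination is an interface name can shadow a later rule for an alias address. It assumes that a bare interface name used as an address covers every address on the interface, aliases included, and that the `:0` modifier restricts it to the primary address; the addresses, the second target 192.168.0.10 and the rule order are constructed for illustration, and interface, protocol and source matching are left out.

```python
from dataclasses import dataclass

# Constructed sample data: 192.0.2.0/24 is documentation address space.
IFACE_ADDRS = {"xl0": ["192.0.2.154", "192.0.2.155"]}  # primary first, then alias

@dataclass
class Rdr:
    dst: str      # literal IPv4 address, "ifname" or "ifname:0"
    port: int
    target: str

def expand(dst):
    """Addresses a destination stands for (IPv4 only in this model)."""
    name, _, mod = dst.partition(":")
    if name not in IFACE_ADDRS:
        return [dst]                            # literal address
    addrs = IFACE_ADDRS[name]
    return addrs[:1] if mod == "0" else addrs   # ":0" leaves out aliases

def translate(rules, dst_ip, dst_port):
    """rdr evaluation: the FIRST matching rule decides the new destination."""
    for r in rules:
        if dst_port == r.port and dst_ip in expand(r.dst):
            return r.target
    return None

def shadowed(rules):
    """Indexes of rules fully covered by earlier rules, so they never match."""
    dead = []
    for i, r in enumerate(rules):
        if all(any(e.port == r.port and a in expand(e.dst) for e in rules[:i])
               for a in expand(r.dst)):
            dead.append(i)
    return dead

WEB, ALT = "192.168.0.9", "192.168.0.10"        # ALT is a constructed target
BROAD_FIRST = [Rdr("xl0", 80, WEB), Rdr("192.0.2.155", 80, ALT)]
ALIAS_FIRST = [Rdr("192.0.2.155", 80, ALT), Rdr("xl0", 80, WEB)]
PRIMARY_ONLY = [Rdr("xl0:0", 80, WEB), Rdr("192.0.2.155", 80, ALT)]

if __name__ == "__main__":
    for name, rules in [("broad first", BROAD_FIRST), ("alias first", ALIAS_FIRST),
                        ("primary only", PRIMARY_ONLY)]:
        print(name, "->", translate(rules, "192.0.2.155", 80),
              "shadowed:", shadowed(rules))
```

In a real rule set, `pfctl -sn` lists the loaded translation rules in evaluation order, which is the order this model walks.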


Re: rdr over ip alias

2006-07-25 Thread mnothic

On 7/25/06, Daniel Hartmeier <[EMAIL PROTECTED]> wrote:

> On Tue, Jul 25, 2006 at 01:07:06PM -0400, mnothic wrote:
>
> > I need documentation it approaches incoming traffic in an IP ALIAS and
> > port redirected to a private IP and port
>
> Start with the pf.conf(5) man page, as on
>
>   http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf
>
> There is nothing special about redirecting connections that originally
> have an IP alias as the destination address, you just specify that in
> the "rdr ... to $alias -> $new_dest" part.
>
> Daniel



yea but it doesn't work for me on OpenBSD 3.9 with 2 NICs, WAN and LAN

I have NAT on the primary IP and "rdr ... to $alias_whit_second_public_ip
port 80 -> $prv_machine"
but the traffic doesn't work, and without the alias the same rule works.

works
rdr pass on $ext_if proto tcp from any to $ext_if port 80 -> $web_server port 80

doesn't work
rdr pass on $ext_if proto tcp from any to $alias port 80 -> $web_server port 80

cat hostname.xl0
inet a.a.a.154 255.255.255.248 NONE
inet alias a.a.a.155 255.255.255.255
inet alias a.a.a.156 255.255.255.255
inet alias a.a.a.157 255.255.255.255
inet alias a.a.a.158 255.255.255.255


Re: rdr over ip alias

2006-07-25 Thread Daniel Hartmeier
On Tue, Jul 25, 2006 at 01:07:06PM -0400, mnothic wrote:

> I need documentation it approaches incoming traffic in an IP ALIAS and
> port redirected to a private IP and port

Start with the pf.conf(5) man page, as on

  http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf

There is nothing special about redirecting connections that originally
have an IP alias as the destination address, you just specify that in
the "rdr ... to $alias -> $new_dest" part.

Daniel