Re: exposing an internal server to the Internet

2005-05-15 Thread Mario Lopez
I would use OpenBSD's transparent bridging feature with (optionally) pf filtering. Mario. Hi, I have a situation where an internal (located in a LAN and behind a OpenBSD firewall/NAT) has to be fully exposed to the Internet! What's the best way to acieve that? Thanks George

Re: exposing an internal server to the Internet

2005-05-15 Thread Andreas Boman
If I understand you correctly, what you are asking for requires an external IP for each of the internal servers. After that it is just a matter of forwarding all ports from an external ip to an internal one, applying firewall rules either on the gateway/router box or on the internal server.

Re: exposing an internal server to the Internet

2005-05-15 Thread Jason Dixon
On May 15, 2005, at 5:10 PM, Jason Dixon wrote: On May 15, 2005, at 4:11 PM, GV wrote: not really. Actually I would like to avoid that. I rather wanted to have one external IP address and different ports on this address should redirect to different internal machines! Ok, let's nip this in the

Re: exposing an internal server to the Internet [SOLVED]

2005-05-15 Thread GV
YES! That was the problem! Thanks a lot! George On Sunday 15 May 2005 01:02, Arnaud Bergeron wrote: On 5/14/05, GV [EMAIL PROTECTED] wrote: no, I don't need any port of that machine to be exposed to the Internet. Only a certain range. I tried the following: -- nat on $ext_if

exposing an internal server to the Internet

2005-05-14 Thread GV
Hi, I have a situation where an internal (located in a LAN and behind a OpenBSD firewall/NAT) has to be fully exposed to the Internet! What's the best way to acieve that? Thanks George

Re: exposing an internal server to the Internet

2005-05-14 Thread Abraham Al-Saleh
Do you need every port on the mail server to be exposed to the internet? that's how I originally interpreted your question. If you only need mail server ports, then use the rdr statement, which you can again read about in the pf.conf man page. Otherwise, you will need to alias another ip to your

Re: exposing an internal server to the Internet

2005-05-14 Thread GV
no, I don't need any port of that machine to be exposed to the Internet. Only a certain range. I tried the following: -- nat on $ext_if from $int_if:network to any - $ext_if rdr on $int_if proto tcp from any to any port 21 - 127.0.0.1 port 8021 rdr pass on $ext_if proto tcp from any to any

Re: exposing an internal server to the Internet

2005-05-14 Thread Arnaud Bergeron
On 5/14/05, GV [EMAIL PROTECTED] wrote: no, I don't need any port of that machine to be exposed to the Internet. Only a certain range. I tried the following: -- nat on $ext_if from $int_if:network to any - $ext_if rdr on $int_if proto tcp from any to any port 21 - 127.0.0.1 port 8021

Re: exposing an internal server to the Internet

2005-05-14 Thread Jason Dixon
On May 14, 2005, at 5:25 PM, GV wrote: Hi, I have a situation where an internal (located in a LAN and behind a OpenBSD firewall/NAT) has to be fully exposed to the Internet! What's the best way to acieve that? Sorry, your question makes no sense. What are you trying to achieve? Are you asking