Re: how to forward port 2222 of pf box to port 22 of internal webserver
Thanks for enlightening me. Have a good day.

On Fri, May 2, 2014 at 8:53 PM, John D. Verne j...@clevermonkey.org wrote:
> On Fri, May 02, 2014 at 12:53:05PM +0530, Indunil Jayasooriya wrote:
> > Thanks for the support. I changed the port from to 2224. Now it works.
> >
> > This PF box is behind an ADSL router. I assume this ADSL router has
> > reserved port . I have no access to this ADSL router.
>
> is used by a few LAN client services, and is often a backdoor for trojans.
> So it is either blocked, or reserved for some Rockwell services.
>
> --
> John D. Verne
> j...@clevermonkey.org

--
Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html - Download Sinhala Fonts

Re: how to forward port 2222 of pf box to port 22 of internal webserver
On 05/02/14 05:34, Indunil Jayasooriya wrote:
> Dear ALL,
>
> I want to do ssh to an internal webserver from the outside world. ssh port 22
> is running in that web server. SSH port 22 is also running on my OpenBSD 5.4
> (32 bit) firewall, to which I do ssh from the outside world.
>
> So I want to add a rule to access the internal webserver. So I decided to
> forward port of pf box to port 22 of internal webserver.
>
> So, I added rules like these. I still can't access.
>
> pass in log on $wan_if inet proto tcp from any to $wan_if port \
>     rdr-to $webserver port 22
> pass out log on $int_if inet proto tcp from any to $webserver port 22 modulate state
>
> But, I can't access. Why?

Not sure but what does:

sysctl net.inet.ip.forwarding

show? and if you are using ipv6:

sysctl net.inet6.ip6.forwarding

What does pfctl -sr show?

Using:

match in on $wan_if proto tcp to ($wan_if) port rdr-to \
    $webserver port ssh

and

pass in on $wan_if proto tcp to ($wan_if) port flags S/SA synproxy state

work for me on:

OpenBSD atom.crowsons.com 5.4 GENERIC.MP#44 i386

If the above does not help run tcpdump on both interfaces and see what is / is not being passed...

hth

Fred

Re: how to forward port 2222 of pf box to port 22 of internal webserver
Thanks for the support. I changed the port from to 2224. Now it works.

This PF box is behind an ADSL router. I assume this ADSL router has reserved port . I have no access to this ADSL router.

These are the rules.

pass in log on $wan_if inet proto tcp from any to $wan_if port 2224 \
    rdr-to $webserver port 22 synproxy state
pass out log on $int_if inet proto tcp from any to $webserver port 22 modulate state

sysctl net.inet.ip.forwarding

I have already set it to = 1

net.inet.ip.forwarding=1

Thanks for the below rules

> Using:
>
> match in on $wan_if proto tcp to ($wan_if) port rdr-to \
>     $webserver port ssh
>
> and
>
> pass in on $wan_if proto tcp to ($wan_if) port flags S/SA synproxy state
>
> work for me on:
>
> OpenBSD atom.crowsons.com 5.4 GENERIC.MP#44 i386
>
> If the above does not help run tcpdump on both interfaces and see what is /
> is not being passed...
>
> hth
>
> Fred

> Not sure but what does:

--
Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html - Download Sinhala Fonts

Re: how to forward port 2222 of pf box to port 22 of internal webserver
On Fri, May 02, 2014 at 12:53:05PM +0530, Indunil Jayasooriya wrote:
> Thanks for the support. I changed the port from to 2224. Now it works.
>
> This PF box is behind an ADSL router. I assume this ADSL router has
> reserved port . I have no access to this ADSL router.

is used by a few LAN client services, and is often a backdoor for trojans.
So it is either blocked, or reserved for some Rockwell services.

--
John D. Verne
j...@clevermonkey.org
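
An added example, not part of any message in the thread: a pf.conf fragment that combines the redirect reported as working above (external port 2224 to sshd on the web server) with per-source connection limits, which go beyond what the thread covers. The interface names, the internal address and the table name <ssh_abuse> are assumptions.

```pf
# pf.conf fragment (added example; merge into an existing ruleset)
# Assumptions, not from the thread: interface names, address, table name.
wan_if    = "em0"             # external interface (assumed)
int_if    = "em1"             # internal interface (assumed)
webserver = "192.168.1.10"    # internal web server (constructed address)

# Sources that exceed the limits below are added here and dropped early.
table <ssh_abuse> persist
block in quick on $wan_if from <ssh_abuse>

# Redirect TCP 2224 on the external address to sshd on the web server.
# ($wan_if) follows the interface address if it changes.
pass in log on $wan_if inet proto tcp from any to ($wan_if) port 2224 \
    rdr-to $webserver port 22 \
    keep state (max-src-conn 10, max-src-conn-rate 5/30, \
        overload <ssh_abuse> flush global)

# Let the redirected connection out on the internal side.
pass out log on $int_if inet proto tcp from any to $webserver port 22

# Checks suggested in the thread, plus a parse-only syntax check,
# run as root on the firewall:
#   sysctl net.inet.ip.forwarding      (must report 1)
#   pfctl -nf /etc/pf.conf             (parse only, does not load)
#   pfctl -sr                          (show the loaded rules)
#   tcpdump -ni em0 tcp port 2224      (does the SYN reach the firewall?)
#   tcpdump -ni em1 host 192.168.1.10 and tcp port 22
```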