List: freebsd-pf
Subject: Re: can't add a port forwarding
From: mouss <mouss () netoyen ! net>
Date: 2008-11-15 17:16:38
Message-ID: 491F03F6.4020307 () netoyen ! net
Bastien Semene wrote:
> Hi everyone,
>
> I'm currently facing a weird problem. I have a pf box acting as a
> gateway for some services and want to add a port forwarding for https.
>
> So I added the following rule :
>
> rdr pass on $ext_if proto tcp from any to any port 443 -> $atlas_ip
> //variables are correct since I have a similar rule for port 80.
>
> The "pfctl -s nat" shows this :
>
> nat on bge0 inet from 10.1.8.1 to any -> "external_interface_ip"
> rdr pass on bge0 inet proto tcp from any to any port = http -> 10.1.8.1
> rdr pass on bge0 inet proto tcp from any to any port = https -> 10.1.8.1
>
> An Nmap from outside shows this :
>
> # nmap -P0 -p80,443,17900 "external_interface_ip"
>
> Starting Nmap 4.20 ( http://insecure.org ) at 2008-11-04 16:22 CET
> Interesting ports on "external_interface_ip":
> PORT STATE SERVICE
> 80/tcp open http
> 443/tcp closed https
> 17900/tcp filtered unknown
>
Maybe you allow port 80 but not 443 in your pf rules?

> I tried reloading pf rules with "pfctl -F all -f /etc/pf.conf",
> restarting the machine, but nothing changed. The securelevel is also at
> -1, so pf should take the changes into account.
> And of course the destination https server receives nothing on https port.
> http and preconfigured nat/forwards work perfectly.
>
> I tried to comment out the "scrub in all" option, but because the rdr line
> doesn't seem to be affected, I'm not sure this one is.
>
> If someone has an idea or direction to follow I take every piece of
> thought.
> Thanks all.
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"