[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    Re: ssh port forwarding + pf
From:       David Magda <dmagda () ee ! ryerson ! ca>
Date:       2004-07-17 20:25:39
Message-ID: 77A8B518-D82F-11D8-AB39-000A95B96FF8 () ee ! ryerson ! ca
[Download RAW message or body]


On Jul 15, 2004, at 23:33, Edvard Lauman wrote:

> rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $web_srv
> port 80

The RDR command tells the filter to redirect the packet, but do you 
have any lines that tell the filter to pass the packet? I have the 
following rule to redirect ports 80 and 22 to an internal server:

rdr on $ext_all proto tcp from any to any port { 22 80 } -> $int_ip

And further down in my pf.conf I have rules to actually allow the 
packets to pass through:

pass in on $ext_all proto tcp from any to $int_ip port 22               
\
         flags S/SA keep state
pass in on $ext_all proto tcp from any to $int_ip port 80               
\
         flags S/SA keep state

($ext_all is a macro for my external interfaces.)
[prev in list] [next in list] [prev in thread] [next in thread]