
simple IPF and IPNAT but problem between chair and keyboard



I installed the 2.9 snapshot on a machine yesterday, and configured it using
the same rules I had applied to a 2.8 machine recently, and am having
serious problems using rdr to send SMTP/www traffic to a machine on the
internal network.

I have simplified the rules as much as possible, but no joy. I've also read
through www.obfuscation.org/ipf without any luck.

Can someone see what is wrong? I have modified the files sysctl.conf and
rc.conf accordingly. All traffic behind the NAT machine works OK, but when I
try to telnet to port 25 from outside I get no response.

In the ipnat.rules file I tried having the map rules after the rdr rules,
but no luck either way.

/etc/ipnat.rules
map ep0 10.1.1.7/24 -> 123.123.123.123/32 portmap tcp/udp 1025:65000
map ep0 10.1.1.7/24 -> 123.123.123.123/32

#map ppp0 10.0.0.0/8 -> ppp0/32 portmap tcp/udp 10000:20000
rdr ep0 123.123.123.123/32 port 25 -> 10.1.1.1 port 25
rdr ep0 123.123.123.123/32 port 80 -> 10.1.1.1 port 80
rdr ep0 123.123.123.123/32 port 110 -> 10.1.1.1 port 110
rdr ep0 123.123.123.123/32 port 143 -> 10.1.1.1 port 143
rdr ep0 123.123.123.123/32 port 993 -> 10.1.1.1 port 993


/etc/ipf.rules
pass in from any to any
pass out from any to any

pass in quick on ep0 proto tcp from any to 123.123.123.123/32 port = 25 keep state
pass in quick on ep0 proto tcp from any to 123.123.123.123/32 port = 80 keep state
pass in quick on ep0 proto tcp from any to 123.123.123.123/32 port = 143 keep state
pass out quick on ep0 proto tcp from any to any keep state