[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rdr trouble

To: bob.debolt@telusplanet.net, misc@openbsd.org
Subject: Re: rdr trouble
From: Tom D <nofx@wincrash.com>
Date: Mon, 24 Jun 2002 21:02:06 -0700
References: <BGEJJIANFDOEEHFIMJMMGEIACPAA.bob.debolt@telusplanet.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530

Bob DeBolt wrote:

Try this:

> Greetings to all the nat.conf wiz guys
> 
> I continue to have trouble with rdr. 
> I have gone back to GENERIC stable 3.1. (June 24th)
> 
> I have routing, pf enabled and working fine.
> 
> Perhaps I have read too much over the last several
> days and am missing the obvious, if so, forgive me.
> 
> My external IP is X.X.X.X
> My External Interface is rl0
> My internal IP is 192.168.7.1
> My web server IP is 192.168.7.11
> 
> Here I their entirety are my pf.conf and nat.conf files.
> 
> # nat.conf
> 
> nat on rl0 from 192.168.7.0/24 to any -> X.X.X.X
> rdr on rl0 from any to any port 80 -> 192.168.7.11 port 80
# nat.conf
nat on rl0 from 192.168.7.0/24 to any -> X.X.X.X
rdr on rl0 proto tcp from any to X.X.X.X port 80 -> 192.168.7.11 port 80

> 
> # pf.conf
> 
> pass in quick all
> pass out quick all

Instead of having what you have there put that in:

# pf.conf
block in all
pass in quick on rl0 proto tcp from any to 192.168.7.11/32 port = 80 
keep state

Flush your nat table and reload the NAT and PF rules.
See if that will help.

> 
> I have tried numerous configurations, copied working examples, read 
> everyting I can get my hands on, but still struggle with this one.
> 
> Help is appreciated
> 
> Bob

References:
- rdr trouble
  - From: "Bob DeBolt" <bob.debolt@telusplanet.net>

Prev by Date: Re: Upcoming OpenSSH vulnerability
Next by Date: Compaq Smart Array 532
Prev by thread: rdr trouble
Next by thread: privsep checking
Index(es):
- Date
- Thread