Perplexing pf rdr syntax error.
- To: misc@openbsd.org
- Subject: Perplexing pf rdr syntax error.
- From: "C. Bensend" <benny@bennyvision.com>
- Date: Thu, 2 Jan 2003 15:45:33 -0600
- Content-Disposition: inline
- Mail-Followup-To: misc@openbsd.org
- User-Agent: Mutt/1.2.5.1i
Hey folks,
I've been looking at this simple little problem for
so long now, I'm seeing cross-eyed. I'd appreciate it if
someone could look at this, and tell me what I'm missing.
I have an internal DMZ setup, using two OpenBSD-STABLE
(3.1) boxes. It's very simple, really:
    Internal LAN
         |
    Frontend FW
         |
    (some boxes)
         |
     Backend FW
         |
    (some boxes)
This is completely internal - it's for testing one of
our new software applications. Unfortunately, I'm having a
syntax problem with my nat.conf file. The file is as follows:
# Macros for interfaces
ext_if = "tx0"
# Macros for machines
amiisi = "172.16.10.10"
confhp2 = "172.16.10.2"
devdmz = "134.244.172.1/32"
amadi = "172.16.10.30/32"
amadi_term = "134.244.175.145/32"
amexi = "172.16.10.40/32"
amexi_term = "134.244.175.146/32"
amsqli = "172.16.10.50/32"
amsqli_term = "134.244.175.147/32"
# Zone B (172.16.10/24)
nat on $ext_if from 172.16.10.0/24 to any -> 134.244.172.1
# SSH to confhp2
#rdr on tx0 proto tcp from any to $devdmz port ssh -> $confhp2 port ssh
# HTTP to amiisi
rdr on tx0 proto tcp from any to $devdmz port www -> $amiisi port www
# HTTPS to amiisi
rdr on tx0 proto tcp from any to $devdmz port https -> $amiisi port https
# T.120 to amiisi
rdr on tx0 proto tcp from any to $devdmz port t120 -> $amiisi port t120
# Terminal services
rdr on tx0 proto tcp from any to $devdmz port 3389 -> $amiisi port 3389
rdr on tx0 proto tcp from any to $amadi_term port 3389 -> $amadi port 3389
rdr on tx0 proto tcp from any to $amexi_term port 3389 -> $amexi port 3389
rdr on tx0 proto tcp from any to $amsqli_term port 3389 -> $amsqli port 3389
Now, when I 'pfctl -v -N /etc/nat.conf', it complains about
syntax errors in the last three lines. I cannot see any errors
here, but I've been looking and reading man pages for so long, my
head's spinning. I cannot for the life of me see an error.
Can someone enlighten me as to what the actual error is?
Thanks a bunch,
Benny
PS: Notice that the machine is on 134.244.172/24, while the rdr
statements are using 134.244.175.x addresses (different subnet). I
have not brought these aliases up yet - is THAT what it's complaining
about?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Discharge of a nuclear weapon shall be deemed a warlike act,
even if accidental." -- My homeowners insurance policy
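As an added example that is not part of Benny's post or of pf itself: a small Python checker that takes the nat.conf above (embedded here as a constructed copy), expands the macros the way pfctl does, and flags rdr rules whose redirection target carries a netmask. It encodes one assumption about the cause, stated here rather than in the post: the three rejected lines are exactly the three whose target macro ($amadi, $amexi, $amsqli) is defined with a /32 suffix, while the rules that parse redirect to $amiisi, a bare address; the example takes the address after `->` in a 3.1 rdr rule to be a plain host, so the /32 that is harmless on the `to` side is a syntax error on the target. The function names (parse_macros, expand, check_rdr_targets, strip_host_mask) are the example's own.

```python
import re

# Constructed copy of the nat.conf from the post, used as sample input.
NAT_CONF = """\
ext_if = "tx0"
amiisi = "172.16.10.10"
confhp2 = "172.16.10.2"
devdmz = "134.244.172.1/32"
amadi = "172.16.10.30/32"
amadi_term = "134.244.175.145/32"
amexi = "172.16.10.40/32"
amexi_term = "134.244.175.146/32"
amsqli = "172.16.10.50/32"
amsqli_term = "134.244.175.147/32"
nat on $ext_if from 172.16.10.0/24 to any -> 134.244.172.1
#rdr on tx0 proto tcp from any to $devdmz port ssh -> $confhp2 port ssh
rdr on tx0 proto tcp from any to $devdmz port www -> $amiisi port www
rdr on tx0 proto tcp from any to $devdmz port https -> $amiisi port https
rdr on tx0 proto tcp from any to $devdmz port t120 -> $amiisi port t120
rdr on tx0 proto tcp from any to $devdmz port 3389 -> $amiisi port 3389
rdr on tx0 proto tcp from any to $amadi_term port 3389 -> $amadi port 3389
rdr on tx0 proto tcp from any to $amexi_term port 3389 -> $amexi port 3389
rdr on tx0 proto tcp from any to $amsqli_term port 3389 -> $amsqli port 3389
"""

MACRO_DEF_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')
MACRO_REF_RE = re.compile(r'\$(\w+)')


def parse_macros(conf):
    """Collect name = "value" macro definitions, in file order."""
    macros = {}
    for line in conf.splitlines():
        m = MACRO_DEF_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
    return macros


def expand(line, macros):
    """Substitute $name references; an undefined macro is an error, as in pfctl."""
    def sub(m):
        name = m.group(1)
        if name not in macros:
            raise ValueError("macro '%s' not defined" % name)
        return macros[name]
    return MACRO_REF_RE.sub(sub, line)


def rdr_target(rule):
    """Return the first token after '->' in a rule, or None if there is no arrow."""
    if '->' not in rule:
        return None
    return rule.split('->', 1)[1].split()[0]


def check_rdr_targets(conf):
    """Flag rdr rules whose expanded redirection target carries a '/prefix'.

    Assumption encoded here: the address after '->' must be a plain host.
    Returns (line_number, rule_as_written, expanded_target) tuples.
    """
    macros = parse_macros(conf)
    findings = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        rule = line.strip()
        if not rule.startswith('rdr'):
            continue  # blank lines, comments (#rdr ...), macros and nat rules
        target = rdr_target(expand(rule, macros))
        if target and '/' in target:
            findings.append((lineno, rule, target))
    return findings


def strip_host_mask(conf):
    """Rewrite the config so every flagged rdr target is a bare address.

    Only a /32 suffix is dropped, since it names the same single host; any
    other prefix is left for a human to decide what was meant. When the
    target is a macro, the macro definition is edited, so the same fix
    applies everywhere that macro is used; a literal target is edited in place.
    """
    macro_fixes, line_fixes = set(), {}
    for lineno, rule, target in check_rdr_targets(conf):
        if not target.endswith('/32'):
            continue
        raw = rdr_target(rule)
        if raw.startswith('$'):
            macro_fixes.add(raw[1:])
        else:
            line_fixes[lineno] = raw
    out = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        m = MACRO_DEF_RE.match(line)
        if m and m.group(1) in macro_fixes:
            line = '%s = "%s"' % (m.group(1), m.group(2)[:-3])
        elif lineno in line_fixes:
            line = line.replace(line_fixes[lineno], line_fixes[lineno][:-3], 1)
        out.append(line)
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    for lineno, rule, target in check_rdr_targets(NAT_CONF):
        print('line %d: target %s carries a netmask: %s' % (lineno, target, rule))
    print(strip_host_mask(NAT_CONF))
```

The checker is only a lint; the authoritative test is still pfctl, and `pfctl -n -N /etc/nat.conf` parses the file without loading it, which is the safe way to iterate on the rewritten macros before putting them on the live firewall.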