pf rdr rules to another OpenBSD box...
Alright, I know this is probably an easy one... but for the life of me I cannot figure out why this does not work... First, I am trying to set up a redirected ftp connection from the outside internet through an OpenBSD firewall to an OpenBSD machine running ftp... The machine running ftp is running it through inetd with the default options.
The second problem is quite similar... I am trying to run a quake server from the BSD box with the ftp server on it as well...
Oh yeah, the quake server port is 27960.
Both services work from behind the firewall...
Is there something on the quake server box that is impairing connections...? I say this because I have had a rdr rule working to a Win XP box for remote desktop before... so I don't know...
I also built the pf.conf file from the OpenBSD FAQ site...
Here is my pf.conf file:
# macros
int_if = "fxp0"
ext_if = "xl0"
tcp_services = "{ ident }"
ftp_server = "10.1.1.19"
quake3_server = "10.1.1.19"
priv_nets = "{ 127.0.0.0/8, 10.1.1.1/24 }"
# options
set block-policy return
set loginterface $ext_if
# scrub
scrub in all
# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 21 -> $ftp_server port 21
rdr on $ext_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535
rdr on $ext_if proto tcp from any to any port 27960 -> $quake3_server port 27960
# filter rules
block all
pass quick on lo0 all
pass in quick on $ext_if proto tcp from any to $ftp_server port 21 keep state
pass in quick on $ext_if proto tcp from any to $ftp_server port > 49151 keep state
pass in quick on $ext_if proto tcp from any to $quake3_server port 27960 keep state
block drop in log quick on $ext_if from $priv_nets to any
block drop out log quick on $ext_if from any to $priv_nets
pass in log on $ext_if inet proto tcp from any to ($ext_if) \
port $tcp_services flags S/SAFR keep state
pass in log on $int_if from $int_if:network to any keep state
pass out log on $int_if from any to $int_if:network keep state
pass out log on $ext_if proto tcp all modulate state flags S/SAFR
pass out log on $ext_if proto { udp, icmp } all keep state
Thank you !!!!
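
An added example, not part of the original post: a small Python check that expands the macros in the rdr rules above and reports which protocol/port pairs arriving on the external interface would be translated, and how many external ports each rule forwards. It assumes only the simple `rdr on IF proto P from any to any port X[:Y] -> HOST` form used in this pf.conf; the UDP probe is included because Quake III Arena servers listen on UDP 27960 by default. The function names are hypothetical.

```python
import re

# Constructed sample: macros and rdr rules from the post, wrapped lines rejoined.
PF_CONF = '''
ext_if = "xl0"
ftp_server = "10.1.1.19"
quake3_server = "10.1.1.19"
rdr on $ext_if proto tcp from any to any port 21 -> $ftp_server port 21
rdr on $ext_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535
rdr on $ext_if proto tcp from any to any port 27960 -> $quake3_server port 27960
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')
RDR = re.compile(r'^rdr on (\S+) proto (\w+) from any to any '
                 r'port (\d+)(?::(\d+))? -> (\S+)')

def parse_rdr(text):
    """Return (iface, proto, low, high, target) for each simple rdr rule."""
    macros, rules = {}, []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        # Expand $name references using the macros seen so far.
        line = re.sub(r'\$(\w+)', lambda r: macros.get(r.group(1), r.group(0)), line)
        m = RDR.match(line)
        if m:
            iface, proto, low, high, target = m.groups()
            rules.append((iface, proto, int(low), int(high or low), target))
    return rules

def redirect_target(rules, iface, proto, port):
    """First matching rdr rule wins, as in pf; None means no translation."""
    for r_if, r_proto, low, high, target in rules:
        if r_if == iface and r_proto == proto and low <= port <= high:
            return target
    return None

def exposed_ports(rules):
    """Number of external ports each rule forwards to an internal host."""
    return {(proto, low, high): high - low + 1 for _, proto, low, high, _ in rules}

if __name__ == "__main__":
    rules = parse_rdr(PF_CONF)
    for proto, port in [("tcp", 21), ("tcp", 27960), ("udp", 27960)]:
        print(proto, port, "->", redirect_target(rules, "xl0", proto, port))
    print(exposed_ports(rules))
```

Run against these rules, the probe for udp/27960 finds no translation, and the passive-FTP rule accounts for 16384 forwarded TCP ports on the internal host.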