
Re: pf rdr rules to another OpenBSD box...



can someone at least tell me if the rules are correct? I think that they are! :(


>From: "Michael Alaimo" <ratfinklelinkle@hotmail.com>
>To: misc@openbsd.org
>Subject: pf rdr rules to another OpenBSD box...
>Date: Mon, 01 Sep 2003 22:13:14 -0400
>
>Alright I know this is probably an easy one.... but for the life of me I cannot figure out why this does not work..... First I am trying to set up a redirected ftp connection from the outside internet through an OpenBSD firewall to an OpenBSD machine running ftp..... The machine running ftp is running it through inetd with the default options.
>
>The second problem is quite similar... I am trying to run a quake server from the BSD box with the ftp server on it as well..... Oh yeah, the quake server port is 27960.
>
>Both services work from behind the firewall.....
>
>Is there something on the quake server box that is impairing connections.... I say this because I have had a rdr rule working to a win xp box for remote desktop before...? so I don't know..
>I also built the pf.conf file from the OpenBSD faq site...
>
>here is my pf.conf file.
>
># macros
>int_if = "fxp0"
>ext_if = "xl0"
>
>tcp_services = "{ ident }"
>
>ftp_server = "10.1.1.19"
>quake3_server = "10.1.1.19"
>
>priv_nets = "{ 127.0.0.0/8, 10.1.1.1/24 }"
>
># options
>set block-policy return
>set loginterface $ext_if
>
># scrub
>scrub in all
>
># nat/rdr
>nat on $ext_if from $int_if:network to any -> ($ext_if)
>
>rdr on $ext_if proto tcp from any to any port 21 -> $ftp_server port 21
>rdr on $ext_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535
>rdr on $ext_if proto tcp from any to any port 27960 -> $quake3_server port 27960
>
># filter rules
>
>block all
>
>pass quick on lo0 all
>
>pass in quick on $ext_if proto tcp from any to $ftp_server port 21 keep state
>pass in quick on $ext_if proto tcp from any to $ftp_server port > 49151 keep state
>pass in quick on $ext_if proto tcp from any to $quake3_server port 27960 keep state
>
>block drop in  log quick on $ext_if from $priv_nets to any
>block drop out log quick on $ext_if from any to $priv_nets
>
>pass in log on $ext_if inet proto tcp from any to ($ext_if) \
>   port $tcp_services flags S/SAFR keep state
>
>pass in log on $int_if from $int_if:network to any keep state
>pass out log on $int_if from any to $int_if:network keep state
>
>pass out log on $ext_if proto tcp all modulate state flags S/SAFR
>pass out log on $ext_if proto { udp, icmp } all keep state
>
>
>
>Thank you !!!!
>
>

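Added example, not from the thread and not a fix confirmed on the list: the nat/rdr and filter section from the post, with the Quake rules changed from tcp to udp. Quake III Arena carries its game traffic over UDP on port 27960, and the original rules only redirect and pass TCP, so UDP packets to 27960 fall through to the `block all`. Macros, addresses and rule order are taken from the post; the FTP rules are kept as written, with a comment on the passive-mode caveat they do not cover.

```pf
# macros (as in the original post)
int_if = "fxp0"
ext_if = "xl0"
ftp_server = "10.1.1.19"
quake3_server = "10.1.1.19"

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)

# FTP control connection and the passive data range, unchanged from the post.
# Caveat not handled here: ftpd's PASV reply advertises 10.1.1.19, a private
# address; a client that connects to that address instead of the firewall's
# external address will fail. OpenBSD's ftp-proxy exists for that case.
rdr on $ext_if proto tcp from any to any port 21 -> $ftp_server port 21
rdr on $ext_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535

# Quake III Arena game traffic is UDP, so redirect udp rather than tcp
rdr on $ext_if proto udp from any to any port 27960 -> $quake3_server port 27960

# filter rules: rdr rewrites the destination before filtering,
# so the pass rules match the internal address, as in the post
block all

pass quick on lo0 all

pass in quick on $ext_if proto tcp from any to $ftp_server port 21 keep state
pass in quick on $ext_if proto tcp from any to $ftp_server port > 49151 keep state
pass in quick on $ext_if proto udp from any to $quake3_server port 27960 keep state
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it, and watch `tcpdump -n -e -ttt -i pflog0` while a client connects to see which rule logs the drop.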