rdr for outgoing connections originating from the box itself
- To: misc@openbsd.org
- Subject: rdr for outgoing connections originating from the box itself
- From: "Denis A. Doroshenko" <d.doroshenko@omnitel.net>
- Date: Tue, 23 Sep 2003 17:07:53 +0300
- Content-Disposition: inline
- Mail-Followup-To: misc@openbsd.org
hello,
while reading through pf.conf(5) and experimenting a lot with pfctl, i
cannot find a solution for the subject. rdr to ftp-proxy works for
nat'ed boxen. did not try for the ftp originating from the nat box itself,
though. now i want to fight rsh, so i am writing rsh-proxy. so when i
try to test the buggy proxy, i cannot get the rsh connections being
redirected to localhost. can it be so, that the packets to be affected
need to be either forwarded or incoming, i.e. not originating from the
box performing redirection?
the os is "OpenBSD 3.3-stable (BLOWFISH) #8: Mon Sep 1 14:52:53 EEST 2003".
the pf.conf contains:
scrub in all
rdr on rl0 inet proto tcp to port shell -> 127.0.0.1 port 8514
and pfctl -s all says:
scrub in all fragment reassemble
rdr on rl0 inet proto tcp from any to any port = shell -> 127.0.0.1 port 8514
Status: Enabled for 0 days 00:36:26              Debug: None

State Table                          Total             Rate
  current entries                        0
  searches                            7153            3.3/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                                  0            0.0/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s

tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s

states        hard limit    10000
frags         hard limit     5000
--
Denis A. Doroshenko, GPRS engineer, d.doroshenko@omnitel.net, +37069863486
Omnitel Ltd., Muitines Str. 35, LT-2600 Vilnius, Lithuania; www.omnitel.lt