
Subject: PF Firewall Problem



Here are the rules.

bye,
javier

----------------------------------------------------------------------
# macros
int_if = "rl1"
ext_if = "rl0"

tcp_services = "{ 22, 80 }"

priv_nets = "{ 0.0.0.0/8, 10.0.0.0/8, 20.20.20.0/24, 127.0.0.0/8, 169.254.0.0/16, \
               172.16.0.0/12, 192.0.2.0/24, 192.168.0.0/16, 224.0.0.0/3 }"

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to $ext_if/32 port 3389 -> 192.168.0.2 port 3389

# filter rules
block all

pass quick on lo0 all

block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
block in log quick on $ext_if inet proto tcp from any to any flags /SFRA

block drop in log quick on $ext_if from $priv_nets to any
block drop out log quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state

pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
-------------------------------------------------------


>Hello,
>  I needed to redirect external connections to port 3389 on a PC of the
>internal network (192.168.0.2).
>
>(Internet)
>   \
>    \
>     (BSD Firewall + NAT + WebServer)
>      \
>       \
>        (Win PC, Remote desktop Enabled in port 3389)
>
>I attach all the pf rules, I tried these 2 lines, and nothing...
>Please, if someone can help me.
>
>#rdr on $ext_if proto tcp from any to $ext_if/32 port 3389 -> 192.168.0.2 port 3389
>
>#rdr on $ext_if proto tcp from any to any port 3380 -> 192.168.0.2 port 3389
>
>
>Thanks in advance,
>Javier
>
>[demime 0.98d removed an attachment of type application/octet-stream]
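An rdr rule only rewrites the destination address and port; pf then evaluates the filter rules against the translated packet, so with `block all` in force the ruleset above also needs a pass rule on the external interface whose destination is 192.168.0.2 port 3389 (the `tcp_services` pass rule only admits 22 and 80 addressed to the firewall itself). The fragment below is an added example, not code from the poster or from the OpenBSD project, written in the same pre-4.7 nat/rdr syntax the post uses; `admin_net` is an assumed placeholder for the address range that should be allowed to reach the desktop, and `rdp_host`/`rdp_port` are macro names introduced here.

```pf
# Added example: redirect plus the matching filter rule for the RDP forward.
# Interface names follow the posted ruleset; the rest are assumptions.
ext_if   = "rl0"
int_if   = "rl1"
rdp_host = "192.168.0.2"
rdp_port = "3389"

# admin_net is an assumed placeholder: set it to the network(s) that
# legitimately need the desktop, or to "any" to reproduce the original intent.
admin_net = "{ 203.0.113.0/24 }"

# Translation: rewrite the destination of inbound 3389 on rl0 to the desktop.
# The filter rules below see the packet *after* this rewrite, so they must
# match $rdp_host, not the firewall's own address.
rdr on $ext_if proto tcp from $admin_net to ($ext_if) port $rdp_port \
    -> $rdp_host port $rdp_port

# Log the default deny so a missing pass rule shows up on pflog0.
block log all

# Admit the translated packet on the external interface and create state;
# the state entry also covers the replies coming back from the desktop.
pass in on $ext_if proto tcp from $admin_net to $rdp_host port $rdp_port \
    flags S/SA keep state

# Let the forwarded copy leave towards the internal network.
pass out on $int_if proto tcp from any to $rdp_host port $rdp_port keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and confirm both halves are present with `pfctl -s nat` and `pfctl -s rules`. The kernel must also be forwarding (`sysctl net.inet.ip.forwarding` must report 1). While a connection is attempted, `tcpdump -n -e -ttt -i pflog0` shows what the default deny dropped: a logged packet on rl0 with destination 192.168.0.2:3389 means the redirect happened and the pass rule is what is missing. The posted `block drop out log quick on $ext_if ... to $priv_nets` rule does not interfere, because the forwarded packet leaves on rl1, not rl0.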