[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF Problem, can't route to my internal webserver

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: PF Problem, can't route to my internal webserver
From: Jesse Lucas <jlucas_(_at_)_neoprimitive_(_dot_)_net>
Date: Thu, 24 Feb 2005 17:42:01 -0500

Brad wrote:

You missed this part in the User's Guide...

NOTE: Translated packets must still pass through the filter engine
and will be blocked or passed based on the filter rules that have
been defined.


I read it, but I didn't grok it.

The rdr rule didn't work because you didn't add a rule to allow the traffic
through. Adding the ``pass'' keyword is a shortcut for adding such a rule
but depending on what you're doing you might want to write a proper pass
rule instead of using the shortcut.

Thanks for the enlightenment. Is there anything inherently less secure about doing it this way, without a rule farther down?

rdr pass on $ext_if proto tcp from any to any port 80 -> 192.168.1.127 \
port 80

-J

Follow-Ups:
- Re: PF Problem, can't route to my internal webserver
  - From: Brad

References:
- Re: PF Problem, can't route to my internal webserver
  - From: Jesse Lucas
- Re: PF Problem, can't route to my internal webserver
  - From: Brad

Prev by Date: Re: Sound auvia (VIA VT8233 AC97)
Next by Date: DHCP failover (pools)
Previous by thread: Re: PF Problem, can't route to my internal webserver
Next by thread: Re: PF Problem, can't route to my internal webserver
Index(es):
- Date
- Thread

Visit your host, monkey.org