27th June 2011
Dr-D
I'm using synproxy because rocket357 suggested it might be a good idea since my 3Com router was constantly getting knocked offline due to syn-flood DoS attacks. Trying to do anything online these past six months has been an exercise in frustration because of the constant disconnections. Since I permanently switched over to my OpenBSD router six days ago I haven't experienced a single second of down time. Well, that's not entirely true: I had a few lockups on the BSD box on the first day, but that was an overheating issue which was quickly solved. My BSD router is functioning beautifully with the firewall rule set I am using. Now I am trying to understand exactly what all the contents of my pf.conf file mean and do. Unfortunately I'm one of those people who can read something a hundred times and it still might not sink in, but show me how to do something once and I'll remember it forever. The problem is trying to find the time to learn all this new stuff.

The problem I'm trying to solve now is how to connect to my internal web servers via URL rather than using the IP address of the box. I don't need to be able to do this, I just want to do this so that I can understand how it works.

As I mentioned, I've read the instructions here http://www.openbsd.org/faq/pf/rdr.html and made the appropriate changes to my inetd.conf and pf.conf files but it still doesn't work. All my Google searches end up taking me to the same FAQ.

Step by step this is what I did:
1. Add this line to inetd.conf
Code:
127.0.0.1:5000 stream tcp nowait proxy /usr/bin/nc nc -w 20 192.168.0.55 80
2. Start inetd
3. Add these lines to pf.conf
Code:
int_net="{ 192.168.0.0/24 }"
websrv="192.168.0.55"
pass in on $int_if proto tcp from $int_net to $ext_if port 80 rdr-to 127.0.0.1 port 5000 
pass in on $int_if proto tcp from $int_net to $ext_if port 80 rdr-to $websrv
pass out on $int_if proto tcp to $websrv port 80 received-on $int_if nat-to $int_if
4. Restart pf
5. Test URL connection
6. Connection fails and I curse vehemently at my lack of knowledge of something that is probably so easy even a caveman could do it.

I'm obviously overlooking something in those instructions but I don't know what.
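As an added example (not from the original post and not a reply from the thread), here is a complete pf.conf fragment in OpenBSD 4.7+ syntax that keeps the two approaches from the FAQ page cited above separate. The macros and addresses are the ones from the post; the interface names em0/em1 and the general policy rules are assumptions and must be adapted. Two pf facts matter when reading it: the last matching rule wins, so when two rdr-to rules match the same packets only the later one takes effect; and the redirect only fires for connections addressed to the external interface, so the hostname in the URL has to resolve to that address on the client (a DNS record or an /etc/hosts entry there). The nat-to rule exists because, without it, the server sees the client's real LAN address, answers it directly over the shared segment, and the client receives a SYN-ACK from 192.168.0.55 rather than from the address it connected to and drops it.

```pf
# Added example, not the original poster's ruleset: reaching an internal
# web server through the firewall's external address from inside the LAN.
# Interface names and the policy rules are assumptions; replace them.

ext_if  = "em0"                 # assumed external interface
int_if  = "em1"                 # assumed internal interface
int_net = "192.168.0.0/24"
websrv  = "192.168.0.55"

set skip on lo
block all

# General policy (assumed; the post does not show the rest of the file).
# These come first on purpose: the translation rules below must be the
# last rules that match, because in pf the last matching rule wins.
pass out on $ext_if
pass in on $int_if from $int_net
pass out on $int_if to $int_net

# Outside clients: redirect port 80 on the external address to the server.
pass in on $ext_if proto tcp to ($ext_if) port 80 rdr-to $websrv

# Inside clients (the case in the post). The browser must be sending to
# the external address, so the URL's hostname has to resolve to it.
#
# Variant A: redirect, and rewrite the source to the firewall's internal
# address so the server's replies come back through the firewall instead
# of going straight to the client on the same segment.
pass in on $int_if proto tcp from $int_net to ($ext_if) port 80 rdr-to $websrv
pass out on $int_if proto tcp to $websrv port 80 received-on $int_if nat-to ($int_if)

# Variant B (alternative; do not enable together with A, or the later
# rdr-to silently replaces the earlier one): hand the connection to a
# local TCP proxy started from /etc/inetd.conf with the line
#   127.0.0.1:5000 stream tcp nowait proxy /usr/bin/nc nc -w 20 192.168.0.55 80
# Because the firewall terminates the connection itself, no nat-to is needed.
# pass in on $int_if proto tcp from $int_net to ($ext_if) port 80 rdr-to 127.0.0.1 port 5000
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. After a browser request, `pfctl -ss` should show a state for 192.168.0.55 port 80 (for variant A, with the firewall's internal address as the translated source); if no state appears, the request never reached the external address, which usually means the hostname resolved to something else. For variant B, inetd must be running and must have reread inetd.conf (send it SIGHUP after editing), which `nc -v 127.0.0.1 5000` on the firewall itself confirms independently of pf.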