Thread: pf rdr problem
View Single Post
  #1   (View Single Post)  
Old 19th March 2010
SchippStrich SchippStrich is offline
New User
 
Join Date: Mar 2010
Location: /dev/null
Posts: 7
Default pf rdr problem

I've been trying to solve this problem for about two weeks now and can't seem to figure it out.

I'm trying to do redirection to ingress traffic hitting my external interface(WAN address) to a server on my LAN.
xl1 - is the external int
xl0 - is the internal int and the gateway for the "server". Private addressing (192.168.1.*)
fxp0 - is another internal interface for my wireless clients. Priv addressing (192.168.2.*)
The server is 192.168.1.20 port 666
I can't seem to access the particular service on port 666 from outside my network or from within my network on fxp0 but I can access it from being on the xl0 network which is the same network that the server is on (Addresses in the 192.168.1.* network)

Code:
set require-order no
set skip on lo
set block-policy drop
scrub in on xl1 all
# NAT/filter rules and anchors for ftp-proxy(8)
nat on xl1 from 192.168.1.0/24 to any -> (xl1)
nat on xl1 from 192.168.2.0/24 to any -> (xl1)
##Redirect traffic on xl1 to 192.168.1.20 with port 666 in the TCP segment#
rdr pass on xl1 proto tcp from any to xl1 port 666 \
-> 192.168.1.20
##I thought this would allow traffic back out the external int to the WAN###
pass proto tcp from 192.168.1.20 to any port 666 \
flags S/SA keep state
###I thought this would allow access from my internal networks###
pass proto tcp from any to any port 666

# NAT/filter rules and anchors for relayd(8)
#rdr-anchor "relayd/*"
#ftp redirection/forwarding
#anchor "relayd/*"
## I had a DNS server running at one point##
block in on xl1 proto tcp from any to any port 53
block out on xl1 proto tcp from any to any port 53
block in on xl1 proto { tcp, udp } from any to any port { 136, 137, 138, 139, 445}
block out on xl1 proto { tcp, udp } from any to any port { 136, 137, 138, 139, 445}
block in on xl1 proto { tcp, udp } from any to 192.168.1.5
block out on xl1 proto { tcp, udp} from 192.168.1.5 to any
block inet proto icmp all icmp-type timerep
block inet proto icmp all icmp-type timereq
Reply With Quote