8th July 2009
birdmansdomain
Ok, I've tried but failed. Damn

So I've been working for the past couple of hours to get pf to forward to a webserver on the internal net, but no luck. I can nmap and get an open port from a remote location, but if I try to enter the IP it just sits there for quite a while. I've read the debugging guide and am still having trouble. I run tcpdump on both ext and int and they both show the packets passing through, so I guess the pf in is working but not out, maybe? Anyway, here's my pf.conf. Any help would be great, as there might be a whole pile of hair under my chair by the time I figure this out.

ext_if="em0"
int_if="re0"
wifi_if="ral0"
local_net="{192.168.0.1/24, 192.168.1.1/24}"
server="{ 192.168.0.10 }"
icmp_types="echoreq"
tcp_flags="flags S/SA keep state"
table <abusers> persist

set require-order no
set skip on lo
scrub in all

nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr pass on $ext_if proto { tcp udp } from any to any port 80 -> $server port 80

block drop all
block in quick from <abusers>

pass out on $ext_if proto tcp all flags S/SA keep state
pass out on $ext_if proto { udp,icmp } all keep state

pass in quick inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $ext_if proto { tcp udp } from any to $server port 80 flags S/SA synpro$
pass in quick on $wifi_if proto tcp to ($wifi_if) port ssh $tcp_flags (max-src-conn 8, m$
pass quick on { lo, $int_if, $wifi_if }

antispoof quick for { lo, $int_if, $ext_if, $wifi_if }