Ok, I've tried but failed. Damn.
So I've been working for the past couple of hours to get pf to forward to a webserver on the internal net, but no luck. I can nmap and get an open port from a remote location, but if I try to enter the IP it just sits there for quite a while. I've read the debugging guide and am still having trouble. I ran tcpdump on both ext and int and they both show the packets passing through, so I guess the pf in is working but no out maybe??? Anyway, here's my pf.conf. Any help would be great, as there might be a whole pile of hair under my chair by the time I figure this out.
ext_if="em0"
int_if="re0"
wifi_if="ral0"
local_net="{192.168.0.1/24, 192.168.1.1/24}"
server="{ 192.168.0.10 }"
icmp_types="echoreq"
tcp_flags="flags S/SA keep state"
table <abusers> persist
set require-order no
set skip on lo
scrub in all
nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr pass on $ext_if proto { tcp udp } from any to any port 80 -> $server port 80
block drop all
block in quick from <abusers>
pass out on $ext_if proto tcp all flags S/SA keep state
pass out on $ext_if proto { udp,icmp } all keep state
pass in quick inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $ext_if proto { tcp udp } from any to $server port 80 flags S/SA synpro$
pass in quick on $wifi_if proto tcp to ($wifi_if) port ssh $tcp_flags (max-src-conn 8, m$
pass quick on { lo, $int_if, $wifi_if }
antispoof quick for { lo, $int_if, $ext_if, $wifi_if }