DaemonForums > OpenBSD > OpenBSD Security
19th March 2010, posted by SchippStrich

pf rdr problem

I've been trying to solve this problem for about two weeks now and can't seem to figure it out.

I'm trying to redirect ingress traffic hitting my external interface (WAN address) to a server on my LAN.
xl1 - is the external int
xl0 - is the internal int and the gateway for the "server". Private addressing (192.168.1.*)
fxp0 - is another internal interface for my wireless clients. Priv addressing (192.168.2.*)
The server is 192.168.1.20 port 666
I can't seem to access the particular service on port 666 from outside my network or from within my network on fxp0, but I can access it from the xl0 network, which is the same network the server is on (addresses in the 192.168.1.* network).

Code:
set require-order no
set skip on lo
set block-policy drop
scrub in on xl1 all
# NAT/filter rules and anchors for ftp-proxy(8)
nat on xl1 from 192.168.1.0/24 to any -> (xl1)
nat on xl1 from 192.168.2.0/24 to any -> (xl1)
##Redirect traffic on xl1 to 192.168.1.20 with port 666 in the TCP segment#
rdr pass on xl1 proto tcp from any to xl1 port 666 \
-> 192.168.1.20
##I thought this would allow traffic back out the external int to the WAN###
pass proto tcp from 192.168.1.20 to any port 666 \
flags S/SA keep state
###I thought this would allow access from my internal networks###
pass proto tcp from any to any port 666

# NAT/filter rules and anchors for relayd(8)
#rdr-anchor "relayd/*"
#ftp redirection/forwarding
#anchor "relayd/*"
## I had a DNS server running at one point##
block in on xl1 proto tcp from any to any port 53
block out on xl1 proto tcp from any to any port 53
block in on xl1 proto { tcp, udp } from any to any port { 136, 137, 138, 139, 445}
block out on xl1 proto { tcp, udp } from any to any port { 136, 137, 138, 139, 445}
block in on xl1 proto { tcp, udp } from any to 192.168.1.5
block out on xl1 proto { tcp, udp} from 192.168.1.5 to any
block inet proto icmp all icmp-type timerep
block inet proto icmp all icmp-type timereq
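An added example in the same pre-4.7 nat/rdr syntax the post uses; this is not the poster's pf.conf. The point it illustrates: an rdr written `on xl1` is only consulted for packets that arrive on xl1, so a client on fxp0 or xl0 that connects to the WAN address never matches it and needs its own rdr on the interface its packets come in on. Interface names, networks and the server address are taken from the post; the macro names and the default-deny line are my additions.

```pf
# Added example, not the original poster's config. Old (pre-OpenBSD 4.7)
# nat/rdr syntax. Interface names, networks and server are from the post;
# macro names and the block rule are assumptions for this example.
ext_if   = "xl1"
lan_if   = "xl0"
wlan_if  = "fxp0"
lan_net  = "192.168.1.0/24"
wlan_net = "192.168.2.0/24"
server   = "192.168.1.20"
srv_port = "666"

nat on $ext_if from $lan_net  to any -> ($ext_if)
nat on $ext_if from $wlan_net to any -> ($ext_if)

# Outside clients: their packets arrive on xl1, so this is the rdr they match.
rdr on $ext_if proto tcp from any to $ext_if port $srv_port -> $server

# Wireless clients connecting to the WAN address: their packets arrive on
# fxp0, not xl1, so they need an rdr on fxp0. The server's replies to
# 192.168.2.x come back through this router anyway (different subnet),
# so no extra nat is required for this case.
rdr on $wlan_if proto tcp from $wlan_net to $ext_if port $srv_port -> $server

# LAN clients on the server's own subnet connecting to the WAN address:
# with rdr alone the server would answer the client directly, bypassing
# the firewall's state table, so also source-nat those clients to xl0's
# address (the "reflection" pattern from the pf FAQ).
rdr on $lan_if proto tcp from $lan_net to $ext_if port $srv_port -> $server
no nat on $lan_if proto tcp from $lan_if to $lan_net
nat on $lan_if proto tcp from $lan_net to $server port $srv_port -> $lan_if

# Filtering happens after rdr on inbound packets in this syntax, so the
# pass rules match the translated destination, not the WAN address.
block in on $ext_if all
pass in on $ext_if proto tcp from any to $server port $srv_port \
    flags S/SA keep state
pass in on { $lan_if, $wlan_if } proto tcp from any to $server port $srv_port \
    flags S/SA keep state
```

After loading, `pfctl -s nat` lists the translation rules and `pfctl -s state` shows whether a test connection from fxp0 actually created a state towards 192.168.1.20.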