DaemonForums  

27th February 2013
petter
port redirection problem in pf

Hello, I'm new to OpenBSD. I'm having problems with port forwarding on my OpenBSD 5.2 DHCP server.
I have forwarded port 80 and port 443 to my web server. It's working from outside my local network, but it's not working to visit mydomain.com when I'm in my local network. What rule do I need to make this happen?
pf.conf:
Code:
# Set network interfaces
ext_if="em0" #internet
int_if="em1" #LAN

wwwserver = "192.168.1.12"
openvpn ="192.168.1.148"
windows ="192.168.1.15"

services = "{ http, https, domain }"

# Non-routable IP numbers
nonroutable = "{ 192.168.0.0/16, 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8,
    0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23, 224.0.0.0/3,
    255.255.255.255/32 }"

# Skip all loopback traffic
set skip on lo

# DEFAULT IS BLOCK IN FROM INTERNET, PASS ALL ELSE
block log all
pass on $int_if all
pass out on $ext_if all

block in log quick on $ext_if inet proto icmp from any to any icmp-type redir
block in quick on $ext_if from $nonroutable to any
block out quick on $ext_if from any to $nonroutable

# Allow inbound traffic on internal interface
pass quick on $int_if

# Protect against spoofing
antispoof quick for { lo $int_if }
#NAT
##web server##
pass in quick on $ext_if proto { tcp } from any to any port { http, https } flags S/SA rdr-to $wwwserver
##openvpn##
pass in quick on $ext_if proto { tcp, udp } from any to any port { 1194 } flags S/SA rdr-to $openvpn
pass in quick on $ext_if proto { tcp } from any to any port { 2301 } flags S/SA rdr-to $openvpn
##windows##
pass in quick on $ext_if proto { tcp, udp } from any to any port { 32400 } flags S/SA rdr-to $windows

block return-rst in log quick on $ext_if inet proto tcp from any to any
block return-icmp in log quick on $ext_if inet proto udp from any to any
block in quick on $ext_if all