DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 10th October 2013
bsd_matt bsd_matt is offline
Port Guard
 
Join Date: Oct 2013
Posts: 12
Thanked 0 Times in 0 Posts
Default pf = Perfectly Frustrating? =)

I am working at a web-host. I have pf setup (using rdr-to) to redirect internet IP's to the local LAN. The problem is that the local boxes see my Internet addy as the source and not the clients internet addy. Traffic is still getting routed correctly, but my SQL logs all show access from _myIP_ and not the real IP.

i.e. My internet IP range = 1.1.1.1 : 1.1.1.200
gateway = 1.1.1.1
www mapped to: 1.1.1.3
mysql = 1.1.1.4
ftp = 1.1.1.5
...etc.

When a client hits our web-server or sql box the logs on these boxes show "connection from 1.1.1.3" (which is the mapping from pf.conf for that 'service')
I want it to show: "connection from 123.54.22.244" or the clients actual IP

I have been mucking around with the pf.conf rules changing rdr-to into nat-to (and others...) but nothing 'fixes' it.

History: We have an old OpenBSD4.8 box that is currently running as our firewall/gateway. It does this behaviour as desired. I only see this issue on a new OBSDv5.3 that we are trying to migrate to.

Help... please!
Reply With Quote
 

Tags
openbsd 5.3 pf

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenBSD installation goes perfectly passthejoe OpenBSD Installation and Upgrading 4 16th November 2012 02:40 AM
OBSD 4.9 Frustrating kernel panic on boot edwebdev OpenBSD General 1 16th July 2011 09:37 PM


All times are GMT. The time now is 10:17 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick