DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 24th June 2008
Dain_L Dain_L is offline
New User
 
Join Date: Jun 2008
Posts: 1
Thanked 0 Times in 0 Posts
Unhappy PF wont open port despite rules...

Hello,

I just dont get it. I have a PF firewall on my DSL connection with 3 internal network interfaces. On one of the internal networks (LNETTR) theres a web server and a smtp server.

However; despite redirections and filtering rules it doesn't work. The ports redirected does not open. If I scan myself all ports are still STEALTH.
Web surf and any outgoing traffic I allow works perfectly.

Any help would be appreciated.
Thnx in advance.

/U


Quote:
# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $


# 1. Macros
lo_if = "lo0"

ext_if = "rl0"

UNET_if = "vr0"
UNET_network = "10.20.0.32/27"

LNETTR_if = "rl1"
LNETTR_network = "10.20.0.64/27"

# PUBNET_if = "rl2"
# PUBNET_network "10.20.0.96/27"

internal_networks = "{ 10.20.0.32/27, 10.20.0.64/27 }"
reserved_networks = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

tcpservices = "{ 22, 21, 25, 80, 443, 1863, 5190 }"
udpservices = "{ 53 }"


# 2. Tables
# Tomt.

# 3. Options
set limit { states 50000, frags 50000 }
set block-policy drop
set optimization aggressive
# set loginterface $ext_if
set skip on $lo_if

# 4. Packet normalization
scrub in all

# 5. Queueing

# 6. Translation
nat on $ext_if from $internal_networks -> ($ext_if)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $UNET_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
rdr pass on $LNETTR_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
# rdr pass on $PUBNET_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> <server ip> port 80
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> <server ip> port 25
rdr on $ext_if proto tcp from any to ($ext_if) port 53 -> <server ip> port 53



# 7. Filtering


block in all
block out all

block in quick on $ext_if from $reserved_networks to any
block out quick on $ext_if from any to $reserved_networks
block return in log quick on $UNET_if proto tcp from ! x.x.x.x to $UNET_if port 22

pass in on {$UNET_if, $LNETTR_if} proto tcp from $internal_networks to any port $tcpservices
pass in on {$UNET_if, $LNETTR_if} proto udp from $internal_networks to any port $udpservices

pass in on $ext_if proto tcp from any to ($ext_if) port 80 synproxy state
pass in on $ext_if proto tcp from any to ($ext_if) port 25

pass out on $LNETTR_if all
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state


anchor "ftp-proxy/*"
antispoof for { $ext_if, $UNET_if, $LNETTR_if }

#EOF

Last edited by Dain_L; 24th June 2008 at 12:10 PM.
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
namp show me a 1720 open port ?? killa74 OpenBSD Security 11 11th February 2009 02:55 PM
Firefox 3 port wont compile : libsoftokn3.so problems padmanabh FreeBSD Ports and Packages 3 8th October 2008 07:13 AM
How to open port 80 on FreeBSD kapom FreeBSD General 14 19th June 2008 04:48 AM
KDE wont start up dctr FreeBSD General 9 11th June 2008 05:59 AM
Why wont this compile? Johnny2Bad FreeBSD General 10 19th May 2008 11:30 PM


All times are GMT. The time now is 09:05 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick