Open 5.4 change rule to rdr
I'm struggling to apply an exception to a redirection in PF with OpenBSD 5.4.
As the syntax has changed, I'm still picking it up. I had the following rule in previous versions:

no rdr on $int_local proto tcp from <adm> to any port { 80 443 }

For the version of PF in OpenBSD 5.4 I tried:

no pass in on $int_local proto tcp from <adm> to any port { 80 443 }

but it did not work. Does anyone know what the syntax is? Thanks!
Hello, once again. As I answered when you asked this same question in December, there is no longer a direct equivalent to no rdr. As you have discovered, no pass is not part of the language of PF.
I will try once again to explain how to manage exceptions to rdr-to rules, and to be more clear, if I can:
All we have from you is your single no rdr rule from your pre-4.7 system, and that is insufficient information to help you further, if these instructions are still unclear to you.
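As an added illustration, not part of jggimi's post, the rule-ordering idiom that replaces a pre-4.7 no rdr exception in the 4.7+ syntax. It reuses the interface macro and table from the question ($int_local, <adm>); the interface name, the table members and the redirect target (a local proxy on 127.0.0.1 port 3128) are assumptions, since the question does not say where the traffic was being redirected.

```pf
# Assumed values (not in the original question): the interface name, the
# proxy address and the <adm> table contents are placeholders.
int_local = "em1"
proxy = "127.0.0.1"
table <adm> { 192.168.1.10, 192.168.1.11 }

# Pre-4.7 syntax, for reference only; neither line parses on OpenBSD 5.4:
#   no rdr on $int_local proto tcp from <adm> to any port { 80 443 }
#   rdr on $int_local proto tcp from any to any port { 80 443 } -> $proxy port 3128

# 4.7+ equivalent. PF evaluates the ruleset top to bottom and the LAST
# matching rule wins, unless a rule is marked quick, in which case
# evaluation stops at that rule. The exception is therefore a quick pass
# rule placed BEFORE the redirecting rule: packets from <adm> match here,
# evaluation ends, and the rdr-to rule below is never reached.
pass in quick on $int_local proto tcp from <adm> to any port { 80 443 }

# Everyone else on the internal interface is redirected to the proxy.
# The same placement works if this is written as a match rule instead
# of a pass rule, because quick stops evaluation before it is reached.
pass in on $int_local proto tcp from any to any port { 80 443 } rdr-to $proxy port 3128
```

Check the file with pfctl -nf /etc/pf.conf before loading it, and after loading confirm the order with pfctl -s rules. A connection from an <adm> host should then show up in pfctl -s state with its original destination, while a connection from any other host shows the translated 127.0.0.1:3128 destination.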
Although it deals with no nat, you could have a look at http://daemonforums.org/showthread.php?t=5851
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
I have already tried rdr-to with version 5.4 of PF anyway, but it is not working.
I read the documentation and tried several ways, but could not get it to work. I would like someone to analyze my pf.conf below to see where I am going wrong. Code:

```pf
ext_if = "em0"   # not in the posted file: assumed here so that the ruleset loads
srv01_int = 192.168.42.11
srv02_int = 192.168.42.12
srv02_ext = 200.200.200.10
srv03_ext = 200.200.200.13
srv04_int = 192.168.42.13
host_fw = 200.200.200.2

# BINAT
match on $ext_if from $srv02_int to any binat-to $srv02_ext
pass on $ext_if from $srv02_int to any binat-to $srv02_ext

# NAT (the posted file used $srv01, which is not defined; $srv01_int is meant)
match out on $ext_if from $srv01_int to any nat-to $host_fw
pass out on $ext_if from $srv01_int to any nat-to $host_fw

# RDR
pass in on $ext_if proto udp from any to $srv03_ext port 59925 rdr-to $srv04_int port 59925
pass in on $ext_if proto tcp from any to $srv03_ext port 80 rdr-to $srv04_int port 80

# Deny Policy
# NOTE: these sit after the non-quick pass rules above. PF applies the last
# matching rule, so for the rdr-to traffic these block rules win.
block in log all
block out log all

# Traffic Loopback
pass in quick on lo0 all
pass out quick on lo0 all

# Anchor FTP
anchor "ftp-proxy/*"

# Rules srv01
pass log quick from $srv01_int to any keep state

# Rules srv04
pass log quick proto tcp from any to $srv04_int port { 80 59925 } keep state
```

Last edited by ocicat; 27th June 2014 at 11:16 PM. Reason: Please use [code] & [/code] tags when posting configuration file contents.
Hi jggimi,
Thanks for the reply. From what I saw, my rules are not working due to an error in positioning the default policy, which is block. I'll change the file and test again, and post the result here.
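As an added example, not posted by anyone in the thread, here is the ruleset from the earlier post reordered so that the default-deny rules come first, which is the fix the reply above describes. ext_if is an assumption, since the posted file never defines it, and $srv01 has been replaced by the defined macro $srv01_int; everything else is kept as posted.

```pf
ext_if = "em0"      # assumed: the posted file never defines ext_if
srv01_int = 192.168.42.11
srv02_int = 192.168.42.12
srv02_ext = 200.200.200.10
srv03_ext = 200.200.200.13
srv04_int = 192.168.42.13
host_fw   = 200.200.200.2

# Default deny goes FIRST. The last matching rule wins, so any later
# pass rule that matches a packet overrides these, which is the intent.
block in log all
block out log all

# Loopback
pass in quick on lo0 all
pass out quick on lo0 all

# BINAT for srv02
match on $ext_if from $srv02_int to any binat-to $srv02_ext
pass on $ext_if from $srv02_int to any binat-to $srv02_ext

# NAT for srv01 (the posted file referenced $srv01, which was never defined)
match out on $ext_if from $srv01_int to any nat-to $host_fw
pass out on $ext_if from $srv01_int to any nat-to $host_fw

# RDR for srv04. With the block rules moved above, no later block rule
# overrides these pass rules, so the redirect is applied.
pass in on $ext_if proto udp from any to $srv03_ext port 59925 rdr-to $srv04_int port 59925
pass in on $ext_if proto tcp from any to $srv03_ext port 80 rdr-to $srv04_int port 80

# FTP proxy anchor
anchor "ftp-proxy/*"

# Rules srv01
pass log quick from $srv01_int to any keep state

# Rules srv04
pass log quick proto tcp from any to $srv04_int port { 80 59925 } keep state
```

Since the block rules carry log, a connection that is still being dropped after this change will appear on pflog0 (tcpdump -n -e -ttt -i pflog0), which is the quickest way to see which rule is rejecting it.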