new to pf
Hello experts,
I am new to pf. I would like to forward port 80 to my machines. Everything works fine, but port 80 is not open. I have tried my best, but still no luck. Kindly advise on how to improve my pf.

ext_if = "tl0"
int_if = "re0"
dmz_if = "cl0"
icmp_types = "{unreach}"
tcp_services = "{www}"
match out on $ext_if from any nat-to ($ext_if)
match in on $ext_if proto tcp from any to any port 80 tag WWW rdr-to 192.168.1.3 port 80
block log all
block all
pass out keep state
set skip on lo
set skip on $int_if
set skip on $dmz_if
pass out on $ext_if proto tcp to any port $tcp_services
## below line might not be necessary, but I want to make sure port 80 is open
pass in on $ext_if proto tcp from any to any port 80 rdr-to 192.168.1.3
pass inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $ext_if tagged WWW
pass out quick on $ext_if inet all keep state
pass out quick on $dmz_if tagged WWW
#By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010

## another OpenBSD fan
Yes, 192.168.1.3 is my web_server addr. I have one int_if machine 10.0.0.1. I just added these two lines, please correct me.

pass in quick on $int_if from 10.0.0.1 to any flags S/SA
pass in quick on $dmz_if from 192.168.1.3 ## is this ok?
These two addresses are not on the same subnet. Do you have a router located inside the firewall?
Yes.
Can anyone point me in the right direction? I tried to add or remove some lines, but still no luck.