DaemonForums  

#1 joseche, 23rd October 2009
New syntax for "nat" and "rdr"

Hi all, I just upgraded to 4.6-stable and I'm having two syntax errors on /etc/pf.conf I just can't figure out:

Quote:
pass in on $int_if inet proto tcp from 172.16.0.0/12 to any port www rdr-to 127.0.0.1 port 3128

pass out on $ext_if from 172.16.0.0/12 to any nat-to $ext_if

Any idea?

#2 jggimi, 23rd October 2009

My nat-to uses match, instead of pass, as it is very general:
Code:
match out on $external_nic from !($external_nic) nat-to ($external_nic)

A rdr-to line, note the from, and no use of on:
Code:
pass in log quick proto tcp from $internal_net to any port www \
        rdr-to 127.0.0.1 port 8080

#3 joseche, 23rd October 2009

I just found that the problem was when updating from 4.6-current to 4.6-stable, 4.6-current uses nat-to and rdr-to, and 4.6-stable uses the old syntax....

Thanks!

#4 jggimi, 23rd October 2009

Oh, yes.

The reason -stable is called "stable" is that it is functionally equivalent to the -release. FAQ 5.1 has a detailed explanation.

I'm a -current user, so I'm not always aware of what specific new functionality I'm using may be beyond -release/-stable. I recall going through the nat/rdr transition, but I didn't remember if it was before or after 4.6 was finalized.
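
For reference, the two rules from the first post rewritten in the older separate nat/rdr syntax that post #3 says 4.6-stable expects. This is an added example, not part of the thread; the interface names assigned to the macros are assumptions.

```pf
# /etc/pf.conf fragment in the older syntax (separate nat/rdr rules).
# Interface names are assumed for illustration; the addresses and ports
# are the ones from the first post.
int_if = "em1"    # assumed internal interface
ext_if = "em0"    # assumed external interface

# Translation rules. In the old rule ordering these come before the
# filter rules.
nat on $ext_if from 172.16.0.0/12 to any -> ($ext_if)
rdr on $int_if inet proto tcp from 172.16.0.0/12 to any port www \
        -> 127.0.0.1 port 3128

# Filter rules. With separate nat/rdr rules, translation is applied
# before filtering, so each pass rule has to match the packet as it
# looks after translation.
pass in on $int_if inet proto tcp from 172.16.0.0/12 \
        to 127.0.0.1 port 3128
pass out on $ext_if inet from ($ext_if) to any
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which shows whether the installed pf accepts the syntax before the ruleset goes live.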