DaemonForums  

OpenBSD Security Functionally paranoid!

#1
24th July 2010
basn
OpenBSD 4.7 and PF with NAT and rdr

Hi, I just installed a new box with 4.7 and I am having trouble getting port redirection to work.
In 4.6 I did:
Code:
rdr pass on $ext_if proto tcp from !<deny_ips> to $ext_if port 3389 -> machine port 3389
That won't work for me nowadays, so I tried the new versions that I could think of and have been reading the docs, but I can't get a grip on it. This is the current thing I've got in my config:
Code:
pass in on egress inet proto tcp from <known_ips> to (egress) port 3389 rdr-to $machine
The thing is that I get the port filtered; if I apply "keep synproxy" I get the port open but msrdp isn't working. What am I doing wrong, since I can't seem to figure this out myself? Thanks in advance.
#2
25th July 2010
jggimi

It is unclear to me if you get port forwarding when you do not use TCP Syn Proxy.

Is your egress group using a bridge(4)?
#3
25th July 2010
basn

I've been troubleshooting a bit more and it looks like it's the machine that I'm trying to forward to that's the troublemaker...
#4
25th July 2010
jggimi

See sections b and c in:

http://www.daemonforums.org/showthread.php?t=596
#5
25th July 2010
wesley

Hi

Why not take a tour at http://mouedine.net/ruleset47.aspx?
It is a good sample to start with and understand the PF syntax.
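
A minimal 4.7-style pf.conf built around the rdr-to rule quoted in the first post, added here as an example and not taken from any poster's configuration. The internal interface name, the address of the RDP host and the table contents are constructed assumptions.

```pf
# Constructed values: adjust the interface, address and table to the real network.
int_if  = "em1"               # assumed internal interface
machine = "192.168.1.10"      # assumed RDP host behind the firewall
table <known_ips> persist { 203.0.113.0/24 }   # assumed allowed clients

set skip on lo
block log all                 # default deny; drops show up on pflog0

# Outbound NAT for the LAN (4.7 syntax: nat-to on a match rule).
match out on egress inet from $int_if:network to any nat-to (egress)

# 4.6 needed only "rdr pass ...": the pass keyword let redirected packets
# skip the filter rules. In 4.7 the translation is an option on a filter
# rule, so the packet is filtered on every interface it crosses.

# 1. Inbound on the external side: rewrite the destination to $machine.
pass in log on egress inet proto tcp from <known_ips> to (egress) \
    port 3389 rdr-to $machine

# 2. Outbound on the internal side: by now the destination is already
#    $machine. With "block all" and no rule like this one, the forwarded
#    SYN is dropped and a scan reports the port as filtered.
pass out log on $int_if inet proto tcp from <known_ips> to $machine \
    port 3389

# Replacing rule 1's implicit keep state with "synproxy state" makes PF
# complete the client handshake itself, so the port looks open even when
# $machine never answers. It also does not work on a bridge(4).

# Checks:
#   pfctl -nf /etc/pf.conf        parse only, load nothing
#   pfctl -s rules                rules as loaded
#   pfctl -s state | grep 3389    states for the forwarded connection
#   tcpdump -n -e -ttt -i pflog0  which rule blocked or passed a packet
```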