DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 11th October 2010
frenchface frenchface is offline
New User
 
Join Date: Oct 2010
Posts: 1
Thanked 0 Times in 0 Posts
Default port fowarding

So I want to forward port 22 from my wan (xl3) to my lan (xl0). The client computer i want to forward is 192.168.253.10

Code:
pass in log from xl3 proto tcp from any to any port 22 rdr-to 192.168.253.10 port 22
But thats not enough, if I do tcpdump on the client I do see the request however it will not connect.

I did see something about match command. Is that something that I need to do?
Reply With Quote
  #2   (View Single Post)  
Old 12th October 2010
wilfried's Avatar
wilfried wilfried is offline
Real Name: Peter Strömberg
Port Guard
 
Join Date: May 2008
Location: Teckomatorp, Sweden
Posts: 11
Thanked 3 Times in 3 Posts
Default

That's an invalid syntax, change the pass in from xl3 to pass in on xl3
You also probably want to nat outgoing traffic

Code:
pass in on xl3 inet proto { tcp udp } from any to (xl3) port ssh rdr-to 192.168.253.10
pass out on xl3
match out on xl3 from !(xl3) nat-to (xl3:0)
__________________
HP ProCurve 1800-24G, Phenom 9750, Dual Opteron 265, AMD64 3000+,
Dual P3-800, eMac G4 1.0GHz, Sun Blade 150, Alpha PWS 433 and more ...
Reply With Quote
  #3   (View Single Post)  
Old 12th October 2010
rocket357's Avatar
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 330
Thanked 9 Times in 9 Posts
Default

Quote:
Originally Posted by wilfried View Post
You also probably want to nat outgoing traffic
And if you're doing nat, don't forget to run:

sysctl net.inet.ip.forwarding=1
echo "net.inet.ip.forwarding=1" >>/etc/sysctl.conf

and the same if you're using ipv6:

sysctl net.inet6.ip6.forwarding=1
echo "net.inet6.ip6.forwarding=1" >>/etc/sysctl.conf
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Midori port roddierod OpenBSD Packages and Ports 18 6th January 2011 04:01 PM
SSH on port 443 maxrussell General software and network 4 6th April 2009 05:16 AM
Songbird port maxrussell FreeBSD Ports and Packages 1 2nd March 2009 10:47 AM
port forwarding ikevmowe OpenBSD Security 13 21st November 2008 06:03 PM
vlc port failing maxrussell FreeBSD Ports and Packages 11 27th May 2008 04:38 PM


All times are GMT. The time now is 07:52 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick