|
FreeBSD Security Securing FreeBSD. |
|
Thread Tools | Display Modes |
|
|
|||
Anyone have a working pf redirect rule?
I've been trying for hours now to redirect a port on my external wan ip to an internal machine. I've tried various combinations of
Code:
rdr on $ext_if proto udp from any to $ext_if port 32400 -> 192.168.1.32 port 32400 Code:
rdr on $ext_if proto tcp from any to any port 32400 -> 192.168.1.32 Here is the whole pf.conf Code:
# Set some variables for use later ext_if="em0" int_if="ix0" icmp_types="echoreq" # Skip all loopback traffic set skip on lo # Scrub all traffic scrub in # Perform NAT on external interface #rdr on $ext_if proto udp from any to $ext_if port 32400 -> 192.168.1.32 port 32400 nat on $ext_if from $int_if:network -> ($ext_if:0) rdr on $ext_if proto tcp from any to any port 32400 -> 192.168.1.32 # Define default behavior block in pass out keep state # Allow inbound traffic on internal interface pass quick on $int_if # Protect against spoofing antispoof quick for { lo $int_if } # Allow other traffic pass in on $ext_if proto tcp to ($ext_if) port 32400 flags S/SA keep state |
|
|||
First of all I am not an expert with fw's lol.
Looking at your rdr rule and comparing it with examples in The Book of PF, the rdr line itself seems right. I believe rdr requires another rule passing the traffic as well. Which is what it looks like you are doing here. Code:
pass in on $ext_if proto tcp to ($ext_if) port 32400 flags S/SA keep state Are em0 and 192.168.1.32 the same device? |
|
|||
Thanks for the reply. em0 is my wan ip address and 192.168.1.32 is a separate box on my internal network.
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Tricky inbound redirect with pf | wbe | OpenBSD Security | 12 | 15th February 2019 02:01 PM |
pf NAT rule isn't working | flit | OpenBSD Security | 8 | 30th September 2013 02:45 AM |
redirect outgoing http | petter | OpenBSD Security | 8 | 25th March 2013 04:56 PM |
VNC and sound redirect | DNAeon | FreeBSD Ports and Packages | 2 | 16th September 2009 07:52 PM |
pf: why is that rule not working? | ivanatora | FreeBSD General | 14 | 11th December 2008 09:32 AM |