NetBSD-Users archive
pf not redirecting packets
Okay, so maybe I'm just retarded, but I cannot for the life of me get pf to
redirect incoming packets to hosts behind the firewall. I've never had any
problems with it until I upgraded to 5.1_RC4. It's an i386 box, nothing
wacky about the kernel or hardware. It NATs outgoing traffic fine, routes
my IPv6 traffic fine, blocks the stuff I tell it to, and lets in that which
I tell it to, but it won't redirect packets. Some help would be appreciated.
---- pf.conf ----
# $NetBSD: faq-example1,v 1.2 2008/06/18 09:06:26 yamt Exp $
# $OpenBSD: faq-example1,v 1.5 2006/10/07 04:48:01 mcbride Exp $
#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
#
# macros
ext_if="wm0"
int_if="re0"
tcp_services="{ 22, 113, 6600, 8333, 5060, 1194 }"
udp_services="{ 5060, 1194 }"
icmp_types="echoreq"
# options
set block-policy return
set loginterface $ext_if
set skip on lo
# scrub
scrub in
# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $ext_if inet proto tcp from any to any port 6600 -> 192.168.2.25 port 6600
rdr on $ext_if inet proto tcp from any to any port 8000 -> 192.168.2.25 port 8000
# filter rules
block in quick on wm0
pass in quick on re0
pass out
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto tcp from any to any port $udp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types
pass quick on $int_if no state
---- end pf.conf ----
--
EMFN(SU) Byron Grobe, USN
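
An added example, not part of the original message: a simplified model of pf's filter evaluation (last matching rule wins, a matching `quick` rule wins immediately) run over the interface rules from the posted pf.conf. rdr translation happens before filtering, so a redirected packet still has to be passed by the filter rules on the external interface. The rule tuples and function names are constructed for illustration, and the model assumes a new connection with no existing state.

```python
# Simplified model of pf filter evaluation; constructed for illustration.
# Not modelled: state tracking, antispoof expansion, anchors, the icmp rule.
TCP_SERVICES = {22, 113, 6600, 8333, 5060, 1194}  # $tcp_services in the post
UDP_SERVICES = {5060, 1194}                       # $udp_services in the post

# (action, direction, interface, quick, proto, dst ports, rule text)
# None means "matches anything". Order and protocols are as posted.
RULES = [
    ("block", "in",  "wm0", True,  None,  None, "block in quick on wm0"),
    ("pass",  "in",  "re0", True,  None,  None, "pass in quick on re0"),
    ("pass",  "out", None,  False, None,  None, "pass out"),
    ("pass",  "in",  "wm0", False, "tcp", TCP_SERVICES, "pass in on $ext_if ... port $tcp_services"),
    ("pass",  "in",  "wm0", False, "tcp", UDP_SERVICES, "pass in on $ext_if ... port $udp_services"),
    ("pass",  None,  "re0", True,  None,  None, "pass quick on $int_if no state"),
]

def rdr(iface, proto, dport):
    """Apply the two posted rdr rules; returns (dst_ip, dst_port) or None."""
    if iface == "wm0" and proto == "tcp" and dport in (6600, 8000):
        return ("192.168.2.25", dport)
    return None

def evaluate(rules, direction, iface, proto, dport):
    """Last matching rule wins; a matching quick rule ends evaluation.
    With no matching rule, pf's implicit default is to pass."""
    verdict = ("pass", "implicit default pass")
    for action, rdir, rif, quick, rproto, ports, text in rules:
        if rdir not in (None, direction) or rif not in (None, iface):
            continue
        if rproto not in (None, proto) or (ports is not None and dport not in ports):
            continue
        verdict = (action, text)
        if quick:
            break
    return verdict

def trace(rules, proto, dport):
    """Follow a new inbound connection on wm0: rdr first, then the filter."""
    target = rdr("wm0", proto, dport)
    new_port = target[1] if target else dport
    return target, evaluate(rules, "in", "wm0", proto, new_port)

if __name__ == "__main__":
    for port in (6600, 8000):
        print(port, trace(RULES, "tcp", port))
    # Same trace with the first filter rule left out, for comparison.
    print("without first rule:", trace(RULES[1:], "tcp", 6600))
```

On a live system, `pfctl -sn` and `pfctl -sr` list the loaded translation and filter rules, so the same comparison can be made against what pf actually parsed.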