[Nolug] openBSD pf help

From: Dennis Bourn <dbourn1_at_tulane.edu>
Date: Mon, 11 Apr 2005 23:00:22 -0500
Message-ID: <425B47D6.3070803@tulane.edu>

Hi list,
I've been lurking on the list for a little while and noticed a couple of BSD
people in here. I thought perhaps one of you could help me. I've been
using various BSDs for about a year, but this current problem is really
making me feel as if I don't understand any of it.
Anyway, on to the problem.
I've been using OpenBSD 3.6 and pf as my firewall for a while now without
any problems. Now I would like to accept web traffic inbound for a
project I'm working on, but I seem to be stuck. Lines straight out of the
pf FAQ on openbsd.org result in an error. I've tried the following line
in countless ways without any luck.
(copied straight out of the FAQ)
rdr on $ext_if proto tcp from any to $ext_if port 80 -> $server \
   port 80

gives me this error

# pfctl -f /etc/pf.conf
/etc/pf.conf:30: port only applies to tcp/udp
/etc/pf.conf:30: skipping rule due to errors
/etc/pf.conf:30: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded

I've tried using :80 instead of "port 80", I've tried using my external IP
in place of the second $ext_if, I've used the internal IP of my webserver
in place of $server, etc., etc., each time getting the same error.

I'll copy my entire pf.conf here to aid in troubleshooting; if anyone
sees anything I've overlooked please let me know.

Thanks in advance
Dennis
"I've got a headache this big *holds hands out* and it's got BSD written
all over it." I love you BSD but you're killing me here.

--------------- begin pf.conf (IP sanitized even though it is in this
email's headers) ---------------------------

# Macros
ext_if="fxp0"
int_if="rl0"

#table <spamd> persist
#table <spamd-white> persist

scrub in

nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#rdr pass on $ext_if proto tcp from <spamd> to port smtp \
# -> 127.0.0.1 port spamd
#rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
# -> 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from any to 1.2.3.4 port 80 \
        -> 192.168.1.3 port 80
#rdr pass on $ext_if proto tcp from any to ($ext_if) port 21 -> 192.168.1.3:22

block in
pass out keep state
pass in log from any to any port 80

pass quick on { lo $int_if }
antispoof quick for { lo $int_if }

pass in on $ext_if proto tcp to ($ext_if) port > 49151 user proxy keep state
pass in on $int_if proto tcp to ($int_if) port ssh keep state
pass in log on $ext_if proto tcp to ($ext_if) port ssh keep state
#rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> 192.168.1.2
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state

------------ end pf.conf ------------------

Nolug mailing list
nolug@nolug.org
Received on 04/11/05
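As an added example, not from the post or from OpenBSD, here is a small Python check for the class of error pfctl reports above: it folds backslash continuation lines the way pfctl does and lists every pass/block/rdr/nat/binat rule that names a port without a tcp or udp proto. The sample input is the post's own rule set re-typed inline (commented-out rules omitted); the proto-list form `{ tcp udp }` is an assumption left out of the check.

```python
import re

# Constructed sample input: the rules from the post, commented-out lines
# omitted, embedded so the check runs offline.
PF_CONF = """\
ext_if="fxp0"
int_if="rl0"
scrub in
nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
rdr pass on $ext_if proto tcp from any to 1.2.3.4 port 80 \\
        -> 192.168.1.3 port 80
block in
pass out keep state
pass in log from any to any port 80
pass quick on { lo $int_if }
antispoof quick for { lo $int_if }
pass in on $ext_if proto tcp to ($ext_if) port > 49151 user proxy keep state
pass in on $int_if proto tcp to ($int_if) port ssh keep state
pass in log on $ext_if proto tcp to ($ext_if) port ssh keep state
"""

def logical_lines(text):
    """Yield (lineno, rule): comments stripped, backslash continuations
    folded and whitespace normalised, roughly as pfctl reads the file."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if start is None:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(" ".join(buf).split())
        buf, start = [], None

RULE = re.compile(r"^(pass|block|rdr|nat|binat)\b")
PROTO = re.compile(r"\bproto\s+(tcp|udp)\b")

def port_without_proto(text):
    """Return [(lineno, rule)] for every rule that uses 'port' but names no
    'proto tcp'/'proto udp'; pfctl rejects such a rule with the message
    'port only applies to tcp/udp'. (Assumption: '{ tcp udp }' lists are
    not recognised by this simplified check.)"""
    return [(n, r) for n, r in logical_lines(text)
            if RULE.match(r) and re.search(r"\bport\b", r) and not PROTO.search(r)]
```

Run against the posted rules it flags only `pass in log from any to any port 80`, the one rule that carries a port with no proto; the rdr line itself passes the check, and adding `proto tcp` to the flagged rule makes the list empty.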
