Re: [Nolug] openBSD pf help

From: Brett D. Estrade <estrabd_at_yahoo.com>
Date: Tue, 12 Apr 2005 08:22:55 -0500
Message-Id: <1113312175.27731.231682852@webmail.messagingengine.com>

I am not an OpenBSD or pf person, and Scott seems to know his stuph, but I
find that bsdforums.org is very helpful for *BSD related questions.

Brett

On Mon, 11 Apr 2005 23:43:19 -0500, "Scott Harney"
<scotth@scottharney.com> said:
> Dennis Bourn wrote:
> > Hi list,
>
> > rdr on $ext_if proto tcp from any to $ext_if port 80 -> $server \
> > port 80
>
> $server isn't set in your pf.conf.
>
> This may work better:
> $server="ip.ad.dr.es"
> rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 \
> -> $server port 80
>
> However, my NAT inbound rule looks like this:
> rdr on $ExtIF proto tcp from any to any port 80 -> 192.168.1.8 port 80
>
> Also, the pf.conf below says "rdr pass on ..." instead of "rdr on". That
> means that filters will not be applied to packets that match the rule --
> probably not what you want. Also in my pf.conf that "nat on" rule comes
> after the "rdr" rules.
>
>
> > gives me this error
> >
> > # pfctl -f /etc/pf.conf
> > /etc/pf.conf:30: port only applies to tcp/udp
> > /etc/pf.conf:30: skipping rule due to errors
> > /etc/pf.conf:30: rule expands to no valid combination
> > pfctl: Syntax error in config file: pf rules not loaded
> >
> > I've tried using :80 instead of "port 80", I've tried using my external IP
> > in place of the second $ext_if, I've used the internal IP of my webserver
> > in place of $server, etc., etc., each time getting the same error.
> >
> > I'll copy my entire pf.conf here to aid in troubleshooting; if anyone
> > sees anything I've overlooked please let me know.
> >
> > Thanks in advance
> > Dennis
> > "I've got a headache this big *holds hands out* and it's got BSD written
> > all over it" I love you BSD but you're killing me here
> >
> > --------------- begin pf.conf (ip sanitized even though it is in this
> > email's headers) ---------------------------
> >
> > # Macros
> > ext_if="fxp0"
> > int_if="rl0"
> >
> > #table <spamd> persist
> > #table <spamd-white> persist
> >
> > scrub in
> >
> > nat on $ext_if from !($ext_if) -> ($ext_if:0)
> > rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
> > #rdr pass on $ext_if proto tcp from <spamd> to port smtp \
> > # -> 127.0.0.1 port spamd
> > #rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
> > # -> 127.0.0.1 port spamd
> > rdr pass on $ext_if proto tcp from any to 1.2.3.4 port 80 \
> > -> 192.168.1.3 port 80
> > #rdr pass on $ext_if proto tcp from any to ($ext_if) port 21 ->
> > 192.168.1.3:22
> >
> > block in
> > pass out keep state
> > pass in log from any to any port 80
> >
> > pass quick on { lo $int_if }
> > antispoof quick for { lo $int_if }
> >
> > pass in on $ext_if proto tcp to ($ext_if) port > 49151 user proxy keep
> > state
> > pass in on $int_if proto tcp to ($int_if) port ssh keep state
> > pass in log on $ext_if proto tcp to ($ext_if) port ssh keep state
> > #rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> 192.168.1.2
> > #pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state
> >
> > ------------ end pf.conf ------------------
> >
> >
> >
> > ___________________
> > Nolug mailing list
> > nolug@nolug.org
> >
>
>
> --
> Scott Harney<scotth@scottharney.com>
> "Asking the wrong questions is the leading cause of wrong answers"
> gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
Received on 04/12/05
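A corrected pf.conf fragment that applies Scott's points to Dennis's posted config, added here as an example and not a configuration from either poster: the target address lives in a macro, the redirect is a plain `rdr` (not `rdr pass`) so the filter section still governs the traffic, and a dedicated `pass in` rule allows it. Note also that the posted `pass in log from any to any port 80` names a port without a `proto`, which pfctl rejects with that same "port only applies to tcp/udp" message; every port rule below carries `proto tcp`. The ftp-proxy and commented-out spamd lines are left out to keep the fragment short.

```pf
# Macros (interface names and addresses taken from the posted config;
# 1.2.3.4 is the sanitized public address from the original post)
ext_if="fxp0"
int_if="rl0"
server="192.168.1.3"

scrub in

# Translation rules: a plain "rdr" only rewrites the destination,
# so the packet still has to be allowed by a filter rule below.
nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $server port 80

# Filter rules: "port" is only valid together with proto tcp or proto udp.
block in
pass out keep state

pass quick on { lo $int_if }
antispoof quick for { lo $int_if }

# After the rdr above, the destination is already $server, so match on that
# rather than on "any", and keep state so replies are allowed back out.
pass in log on $ext_if inet proto tcp from any to $server port 80 keep state

pass in on $int_if proto tcp to ($int_if) port ssh keep state
pass in log on $ext_if proto tcp to ($ext_if) port ssh keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; `-n` parses the rules without applying them, so a syntax error is reported without disturbing the running ruleset.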
