I am currently trying to open up a few ports on my firewall to allow an internal Windows home server to provide services to the outside world.

My OpenBSD version is OpenBSD 4.5-current (GENERIC) #6: Sat May 16 21:50:41 MDT 2009

I am trying to use the simple proxy method mentioned in the FAQ on OpenBSD.org to forward internal requests to the external IP address to the home server.

However, I can't get there from here. Neither internal nor external requests to the external IP address work. An MS-DOS telnet session to the external IP address, port 25, returns an SMTP 421 error immediately and exits.

Any help on opening up these ports would be greatly appreciated. Below is my current pf.conf, as well as (slightly edited) output of ifconfig for the internal (ingress) and external (egress) interfaces on the firewall.

NAT is working internally, and I am able to both send email and read web pages (among other stuff).

--pf.conf-----------------------------------------------------------------------------
# pf.conf created july 6, 2009
# author: Anathae Townsend

# macros
homeserv = "192.168.0.195"
homeport = "{http, https, 4125, smtp, pop3, imap }"

# skip loop back, makes rules quicker
set skip on lo

# redirects for home server
rdr on egress proto tcp from any to egress port $homeport -> $homeserv

# redirects for internal web access to proxy server
rdr on ingress proto tcp from ingress:network to egress port 80 -> 127.0.0.1 port 5000

# NAT rules to allow inside->out
nat on egress from ingress:network -> (egress)

# allow internal systems to make connection
pass in         # to establish keep-state

# allow home server services
pass proto tcp from any to $homeserv port $homeport synproxy state
pass proto tcp from $homeserv to any port smtp synproxy state

# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp from any to any port 6000
--ifconfig sk0------------------------------------------------------------------------
sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:1e:58:ab:13:8c
        priority: 0
        groups: ingress
        media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
        status: active
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.0.51 netmask 0xffffff00 broadcast 192.168.0.255
--ifconfig rl0------------------------------------------------------------------------
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:05:5d:d2:6e:48
        priority: 0
        groups: egress
        media: Ethernet autoselect (10baseT half-duplex)
        status: active
        inet #.#.#.# netmask 0xffffff80 broadcast #.#.#.#
