Just got it!

rdr e1000g1 from 10.1.1.1/32 to 192.168.1.1 port = 22 -> 192.168.1.1 port 873 tcp

seems to do the trick.  I was just hung up on the rdr 'from' syntax...

Thanks for the input!

Erich Weiler wrote:
I'm nearly there, but I'm still not quite getting what I want, but close... This is a more clear breakdown, I think, of what I need:

1: I need all traffic FROM 10.1.1.1 on dest port 22 to be redirected to port 1000 on 192.168.1.1

2: I need ALL OTHER traffic from anywhere else with dest port 22 to simply connect to port 22 and not be redirected.

Is that configuration possible? Basically I'm trying to get anyone who wants to connect with SSH to be able to connect, except I want one host specifically (10.1.1.1) to be redirected to port 1000 when they try to connect via SSH.

Thanks so much for the replies!

-erich

Randy Beaudreault wrote:
On Jul 8, 2009, at 6:27 PM, Erich Weiler wrote:

Thanks Bart!

It almost works... Now it seems to redirect ALL traffic with a dest port of 22 to port 1000, not just traffic from 10.1.1.1. My files look like this:

ipnat.conf:

rdr e1000g1 0.0.0.0/0 port 22 -> 192.168.1.1 port 1000 tcp

The 0.0.0.0/0 stands for all addresses.

ipf.conf:

block in on e1000g1 all
pass in on e1000g1 proto tcp from 10.1.1.1 to 192.168.1.1 port = 22 flags S keep state
pass in on e1000g1 all

Maybe I made a typo somewhere?

Use quick on the second line:

pass in quick on e1000g1 proto tcp from 10.1.1.1 to 192.168.1.1 port = 22 flags S keep state

Quick tells ipfilter to run that line immediately and pass that traffic in.

Remove the third line since it defeats the purpose of the first line.
--
Randy

OS X - UNIX for the rest of us
NetBSD - It's Explosive!
Marten - Prograph for OS X.  Yes!
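A small model of IPFilter's rule ordering, added here as an illustration and not part of the thread or of ipf itself, showing why the posted ipf.conf passed everything and what Randy's two changes do: ipf takes the last matching rule unless a matching rule says quick, which ends evaluation on the spot. The parser covers only the rule syntax used in this thread, and the packets are constructed samples arriving on e1000g1.

```python
import ipaddress
import re

RULE_RE = re.compile(  # the subset of ipf.conf syntax used in the thread
    r"^(?P<action>block|pass) in (?P<quick>quick )?on (?P<iface>\S+) "
    r"(?:all|proto (?P<proto>\w+) from (?P<src>\S+) to (?P<dst>\S+)"
    r"(?: port = (?P<port>\d+))?(?: flags S)?(?: keep state)?)$")

def parse_rules(text):
    """Parse ipf.conf lines into dicts; an 'all' rule leaves proto/src/dst/port None."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        d = m.groupdict()
        rules.append({"action": d["action"], "quick": bool(d["quick"]), "iface": d["iface"],
                      "proto": d["proto"], "port": int(d["port"]) if d["port"] else None,
                      "src": d["src"] and ipaddress.ip_network(d["src"]),
                      "dst": d["dst"] and ipaddress.ip_network(d["dst"])})
    return rules

def matches(rule, pkt):  # a None field in the rule is a wildcard
    return (rule["iface"] == pkt["iface"] and rule["proto"] in (None, pkt["proto"])
            and rule["port"] in (None, pkt["dport"])
            and (rule["src"] is None or pkt["src"] in rule["src"])
            and (rule["dst"] is None or pkt["dst"] in rule["dst"]))

def decide(rules, pkt):
    """IPFilter order: the LAST matching rule wins, except that a matching 'quick'
    rule ends evaluation immediately. A packet that matches no rule is passed."""
    winner = None
    for rule in rules:
        if matches(rule, pkt):
            winner = rule
            if rule["quick"]:
                break
    return winner["action"] if winner else "pass"

def pkt(src, dport, proto="tcp"):  # constructed inbound packet on e1000g1 to the host in the thread
    return {"iface": "e1000g1", "proto": proto, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address("192.168.1.1"), "dport": dport}

ORIGINAL = parse_rules(  # the ipf.conf as posted in the thread
    "block in on e1000g1 all\n"
    "pass in on e1000g1 proto tcp from 10.1.1.1 to 192.168.1.1 port = 22 flags S keep state\n"
    "pass in on e1000g1 all")
FIXED = parse_rules(  # with Randy's two changes: quick added, third line removed
    "block in on e1000g1 all\n"
    "pass in quick on e1000g1 proto tcp from 10.1.1.1 to 192.168.1.1 port = 22 flags S keep state")
```

`flags S keep state` is parsed but not modelled; every sample packet is treated as the initial SYN, so the model answers only which rule decides that first packet.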
