On 18.01.2014 01:49, Matt M wrote:
I am using PF on 5.4-stable to NAT and firewall my network, but I can't get
port forwarding to work. All requests end up at the OpenBSD box and go no
further. For instance, I opened port 22 in PF to forward to a CentOS box,
but ssh on the OpenBSD box still takes the request. Port 80 isn't working
at all, as there is no Apache on the OpenBSD box. PF is running on
192.168.2.160 and Apache is on 192.168.2.170. I can access Apache by
directly connecting to 192.168.2.170.

Thanks for any help.

PF.conf
---------------
ext_if = "dc0"
int_if = "vr0"

icmp_types="echoreq"

#OPTIONS
set block-policy return
set loginterface egress
set skip on lo

#default block incoming traffic
block in log

#PORT FORWARDING
pass in on egress proto tcp from any to any port 22 rdr-to 192.168.2.170 port 22
pass in on egress proto tcp from any to any port 80 rdr-to 192.168.2.170 port 80

#NAT the entire network
match out on egress inet from !(egress:network) to any nat-to (egress:0)

#pass outgoing traffic through firewall with no checking
pass out quick

#antispoof protection
antispoof quick for { lo $int_if }

pass in inet proto icmp all icmp-type $icmp_types


If you run the tests from your internal network I suggest that you read this page carefully: http://openbsd.org/faq/pf/rdr.html. Pay special attention to the subchapter Redirection and Reflection

HTH,
Bruno
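For reference, the "Redirection and Reflection" pattern from the FAQ page Bruno links, filled in with the interfaces and addresses from Matt's pf.conf. This is an added example, not a ruleset from either poster; it assumes $int_if (vr0) carries 192.168.2.0/24 and uses web_srv and fwd_ports as made-up macro names.

```pf
# Added example based on the OpenBSD PF FAQ's rdr+nat reflection pattern,
# not Matt's original ruleset. Assumed: vr0 is the 192.168.2.0/24 side.
ext_if    = "dc0"
int_if    = "vr0"
web_srv   = "192.168.2.170"   # host that should receive forwarded 22/80
fwd_ports = "{ 22, 80 }"

# Clients on the Internet: packet arrives on egress, rule matches, rdr works.
pass in on egress proto tcp from any to any port $fwd_ports rdr-to $web_srv

# Clients on the LAN testing against the firewall's external address:
# the packet enters on $int_if, so the egress rule above never sees it and
# the local sshd answers port 22 (and port 80 is simply dropped). Redirect
# it on the internal interface as well.
pass in on $int_if proto tcp from $int_if:network to $ext_if port $fwd_ports \
    rdr-to $web_srv

# Without this, the server would reply straight to the LAN client and the
# reply would bypass the state on the firewall. Source-NAT the redirected
# connection to $int_if so the server answers the firewall instead.
pass out on $int_if proto tcp to $web_srv port $fwd_ports \
    received-on $int_if nat-to $int_if
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and confirm the translation with `pfctl -ss` while a LAN client connects to the external address; the state should show 192.168.2.170 as the translated destination.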
