Dear Stuart, your reply is very much appreciated! Thank you for sparing some
time to help me out.

I am pasting the rules so you can understand what I did. If I understand
correctly, I did what you suggest already!
Take a look :

NAT / rdr rules:

nat on $ext_if from { 192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.69 192.168.0.227 } to any -> ($ext_if)
#
rdr on $ext_if proto tcp from any to ($ext_if) port 3389 -> 192.168.0.1 port 3389
rdr on $ext_if proto tcp from any to ($ext_if) port 65500 -> 192.168.0.2 port 3389

Filtering rules:

pass in on $ext_if proto tcp from any to any port 3389 keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) port 65500 keep state


Best Regards
Alex


On 6/13/06, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> On 2006/06/13 22:57, Alex Stamatis wrote:
> > The translation is of course BEFORE the filtering! Any other thoughts
> > about the problem?
>
> I don't mean, being listed first in pf.conf. I'm talking about
> the order of actions on the packet.
>
> 1. Packets come into your box addressed to port 65500
> 2. NAT is carried out, port in packet is rewritten to 3389
> 3. Filter is carried out, port in packet says 3389:
> - does this match "pass in...to port 65500"? - no.
> - does this match "pass in...to port 65501"? - no.
>
> The pass in rule must be for the *rewritten* port, i.e. 3389
>
> If this is hard to understand, forget the separate 'pass in'
> rules and just use 'rdr pass'.
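To make the ordering point concrete, here is an added pf.conf fragment (my own illustration, not from either message) showing the filter rule that never matches next to two ways of writing one that does, using the addresses from the thread. It assumes the pre-4.7 pf syntax used in the thread and an interface name of fxp0 for $ext_if.

```pf
# Assumed interface name for the example; substitute your own.
ext_if = "fxp0"

# --- Weak: the pass rule is keyed to the pre-translation port.
# For inbound packets, rdr rewrites the destination to 192.168.0.2:3389
# BEFORE the filter runs, so the filter never sees "to ($ext_if) port 65500"
# and this pass rule never matches the redirected traffic.
rdr on $ext_if proto tcp from any to ($ext_if) port 65500 -> 192.168.0.2 port 3389
pass in on $ext_if proto tcp from any to ($ext_if) port 65500 keep state

# --- Corrected (a): keep rdr and filter separate, but filter on the
# rewritten destination address and port, which is what the filter sees.
rdr on $ext_if proto tcp from any to ($ext_if) port 65500 -> 192.168.0.2 port 3389
pass in on $ext_if proto tcp from any to 192.168.0.2 port 3389 keep state

# --- Corrected (b): let the rdr rule pass and create state itself,
# so there is no separate filter rule to get out of sync with it.
rdr pass on $ext_if proto tcp from any to ($ext_if) port 65500 -> 192.168.0.2 port 3389

# Note: on OpenBSD 4.7 and later the same redirect is written as a single
# filter rule with rdr-to (translation is an option on the pass rule):
#   pass in on $ext_if proto tcp to ($ext_if) port 65500 rdr-to 192.168.0.2 port 3389
```

Either corrected form restricts the inbound hole to the one redirected host and port rather than opening 3389 "to any", which is the tighter rule to keep when exposing RDP through the firewall.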
