Thanks to all for the help.

Martin Toft wrote:
On Tue, Jan 16, 2007 at 09:32:02AM -0500, Charles Farinella wrote:
I have an OpenBSD 3.9 machine with a public IP providing NAT and
firewalling for our internal network.  It has 3 interfaces:

dc0: public ip from internet X.X.X.25
dc1: 192.168.100.x to internal network.  This works well.
dc2: 192.168.200.x --> to Windows server.

I need to allow public access to the Windows server connected to dc2
(one port only).  Currently I have a private network address assigned
to dc2 and a public one (X.X.X.26) assigned to the machine connected
to it.

You should put a private 192.168.200.x IP address on the Windows box,
not a global X.X.X.26 address. Afterwards, do a simple port forwarding
(redirection in pf language) at the OpenBSD box, e.g.

I currently have it set up like this:

dc0 = X.X.X.25
dc2 = 192.168.200.254
test_box = 192.168.25.123
services = "{ ssh, smtp, http, https }"

I have the following in my pf.conf:
rdr pass on dc0 proto tcp from any to X.X.X.25 port 80 -> 192.168.25.122 port 80

If I ssh into the X.X.X.25 box I can access the test_box on port 80. I cannot access X.X.X.25 port 80 however.

I've been using pfctl -f /etc/pf.conf to reload my rules. I see no reference in my pflog to any attempts to access port 80 on X.X.X.25.


Remember to set up a default route on the Windows box (it should of
course use the OpenBSD box as its default route).

Routing tables

Internet:
Destination Gateway Flags Refs Use Mtu Interface
default            192.168.25.254     UGS         0        7      -   ne3
loopback           localhost.localnet UGRS        0        0  33224   lo0
localhost.localnet localhost.localnet UH          0        9  33224   lo0
192.168.25/24      link#1             UC          0        0      -   ne3
192.168.25.254     00:18:f8:08:b4:27  UHLc        0      592      -   ne3
BASE-ADDRESS.MCAST localhost.localnet URS         0        0  33224   lo0

Is this correct?

Thanks again.

--charlie

--
------------------------------------------------------------------------
Charles Farinella
Appropriate Solutions, Inc. (www.AppropriateSolutions.com)
[EMAIL PROTECTED]
voice: 603.924.6079   fax: 603.924.8668
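
The following pf.conf fragment is an added example, not part of the original thread or the poster's ruleset. It shows one way to write the port-80 redirect discussed above in OpenBSD 3.9-era syntax, with the target address defined once in a macro and matching connections logged. The interface name and the test_box address are taken from the post; `web_port` is a hypothetical macro name.

```pf
# Added example; not the poster's ruleset.
ext_if   = "dc0"
test_box = "192.168.25.123"   # defined once, reused in both rules
web_port = "80"               # hypothetical macro name

# Translation: rdr without "pass", so redirected packets are still
# evaluated by the filter rules. With "rdr pass" they are passed
# without the filter rules being inspected.
rdr on $ext_if proto tcp from any to $ext_if port $web_port \
    -> $test_box port $web_port

# Filter: rules see the destination after translation, so match on
# $test_box. "log" records the state-creating packet on pflog0.
pass in log on $ext_if inet proto tcp from any to $test_box \
    port $web_port flags S/SA keep state

# If the ruleset blocks by default, the redirected traffic must also
# be allowed out on the interface facing the server.

# Checks before and after loading:
#   pfctl -nf /etc/pf.conf          parse only, report syntax errors
#   pfctl -sn                       show the loaded translation rules
#   tcpdump -n -e -ttt -i pflog0    watch logged packets live
```

A redirect bound to the external interface only applies to packets arriving on that interface, so it should be tested from a host outside the network.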
