Re: Web Traffic forwarding, PF and NC

[elaconta.com Webmaster]

Stefan Kell wrote:
Hello,
-------- Original-Nachricht --------
  
Datum: Sat, 23 Feb 2008 21:29:06 +0000
Von: "elaconta.com Webmaster" <[EMAIL PROTECTED]>
An: Stefan Kell <[EMAIL PROTECTED]>
CC: misc@openbsd.org
Betreff: Re: Web Traffic forwarding, PF and NC
    

  
Stefan Kell wrote:
    
Hello,

On Sat, 23 Feb 2008, elaconta.com Webmaster wrote:

      
Stefan Kell wrote:
        
Hello,

On Sat, 23 Feb 2008, elaconta.com Webmaster wrote:

          
Greetings

...snip...
rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 
127.0.0.1 port 5000

...snip

I'm running OpenBSD 3.9 (i386) on both machines.

            
why not rdr directly to your internal webserver instead of 
127.0.0.1? OpenBSD
3.9 is quite old but rdr should work quite well. I use this since 
OpenBSD 3.4

Regards

Stefan Kell



          
Hi

I've tried the following configuration but it yields no effect, i.e. 
when someone tries to view a web page from the outside the web page 
isn't served. Maybe something is wrong with the config:


        
#------------------------------------------------------------------------------------------- 
    
ext_if="rl1"

rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 
192.168.1.126 port 80

pass out on $ext_if inet all keep state

pass in on $ext_if inet all keep state


        
#------------------------------------------------------------------------------------------- 
    
        
is the OpenBSD machine acting as a router? Or ist the webserver directly
connected to the cable modem? Then it cannot work as Stuart Henderson
has explained. My setup would use the machine as a router and different
subnets and also nat on the external interface.

Regards

Stefan Kell


      
The webserver (192.168.1.126) is directly connected to the cable modem, 
as is the 192.168.1.121 server.
What service(s) would i need to run on 192.168.1.121 to make it useable 
as a gateway (router) to 192.168.1.126?
Would just:

# *sysctl net.inet.ip.forwarding=1*

enable it as a router? I would also need some other service, right? Sorry
for any noobness.
    

You need two network interfaces on your OpenBSD machine, different subnets 
physically: one for cable modem and external interface on OpenBSD, one for your 
internal network. sysctl is necessary as you have written and you need  a nat 
rule in pf.conf. There are a lot of instructions flowing around in the internet 
which show you how to do it.

Regards

Stefan Kell



  
Okay, i'm going to add a NIC to 192.168.1.121 (i've got some laying 
around) and do it that way then. Thanks!