I am currently trying to open up a few ports on my firewall to allow an internal Windows home server to provide services to the outside world.
My OpenBSD version is OpenBSD 4.5-current (GENERIC) #6: Sat May 16 21:50:41 MDT 2009

I am trying to use the simple proxy method mentioned in the FAQ on OpenBSD.org to forward internal requests to the external IP address to the home server. However, I can't get there from here. Neither internal nor external requests to the external IP address work. A msdos telnet session to the external IP address, port 25 returns an SMTP 421 error immediately and exits.

Any help on opening up these ports would be greatly appreciated. Below is my current pf.conf, as well as (slightly edited) output of ifconfig for the internal (ingress) and external (egress) interfaces on the firewall. NAT is working internally, and I am able to both send email and read web pages (among other stuff).

--pf.conf-----------------------------------------------------------------------------
# pf.conf created july 6, 2009
# author: Anathae Townsend

# macros
homeserv = "192.168.0.195"
homeport = "{http, https, 4125, smtp, pop3, imap }"

# skip loop back, makes rules quicker
set skip on lo

# redirects for home server
rdr on egress proto tcp from any to egress port $homeport -> $homeserv

# redirects for internal web access to proxy server
rdr on ingress proto tcp from ingress:network to egress port 80 -> 127.0.0.1 port 5000

# NAT rules to allow inside->out
nat on egress from ingress:network -> (egress)

# allow internal systems to make connection
pass in # to establish keep-state

# allow home server services
pass proto tcp from any to $homeserv port $homeport synproxy state
pass proto tcp from $homeserv to any port smtp synproxy state

# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp from any to any port 6000

--ifconfig sk0------------------------------------------------------------------------
sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:1e:58:ab:13:8c
        priority: 0
        groups: ingress
        media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
        status: active
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.0.51 netmask 0xffffff00 broadcast 192.168.0.255

--ifconfig rl0------------------------------------------------------------------------
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:05:5d:d2:6e:48
        priority: 0
        groups: egress
        media: Ethernet autoselect (10baseT half-duplex)
        status: active
        inet #.#.#.# netmask 0xffffff80 broadcast #.#.#.#