Thanks A LOT! So are you using NAT'ed networks on both the internal and DMZ? Also, can you tell me exactly how you set up your aliases? I'm assuming this:
192.168.2.1 - is your DMZ interface card
1.2.3.4 - is your external interface card
Did you create an alias on the external interface card with an IP of 192.168.2.1? Thanks again.
Say you have a web server in the DMZ with address 192.168.2.52, and you want/need it NAT'ed to 1.2.3.5 on the external interface.
You can do that with the following command (<ext-if> = fxp0 or some such):
ifconfig <ext-if> inet alias 1.2.3.5 255.255.255.255
You can make this persistent across boots by adding the arguments of the line to the file /etc/hostname.<ext-if>. In our thought experiment:
inet alias 1.2.3.5 255.255.255.255
Now you can use a redirect in this way:
rdr on fxp0 proto tcp from any to 1.2.3.5/32 port www -> 192.168.2.52 port www
This should work, provided you have not blocked port 80 on fxp0. I have this rule to make sure there is a connection:
pass in on fxp0 inet proto tcp from any to 192.168.2.52 port www keep state
When you need to add a machine to the DMZ, you just add one new line for each step above.
Hope this helps,
Morten
Robert
On Thu, 3 Jul 2003, Morten Norby Larsen wrote:
> At 21:13 03/07/03, Robert Banniza wrote:
> >Any help CERTAINLY appreciated.
>
> Being a beginner as well, I have found the example pf.conf files on
> http://www.0xdeadbeef.info useful.
>
> Stuff even started working when I defined aliases on the external interface
> for the addresses NAT'ed (redirected in our configuration) to the DMZ. This
> was our biggest issue, actually.
>
> Good luck,
>
> Morten
>
>
> -----------------------------------------------------------------------
> Morten Norby Larsen                      [EMAIL PROTECTED]
> Magister Ludi s.r.l.                     Phone: +39 02 26 11 72 80
> Via Battaglia 8, I-20127 Milano, Italy   Fax:   +39 02 28 46 037
> http://www.magisterludi.com
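A consistency check for the three steps described in the thread above (alias, rdr, pass), as an added example that is not part of the original messages. The names check_dmz_rdr and demo and the second host 1.2.3.6 -> 192.168.2.53 are constructed for illustration; the check compares addresses only, not ports, and strips only a /32 suffix.

```shell
# check_dmz_rdr HOSTNAME_IF_FILE PF_CONF
# Prints one line per problem; returns 1 if any problem was found, else 0.
check_dmz_rdr() {
    awk '
        # hostname.<ext-if>: every "inet ADDR ..." or "inet alias ADDR ...".
        FILENAME == ARGV[1] {
            if ($1 == "inet") bound[($2 == "alias") ? $3 : $2] = 1
            next
        }
        # pf.conf: record each rdr as external address -> internal address.
        $1 == "rdr" {
            ext = ""; dst = ""
            for (i = 1; i < NF; i++) {
                if ($i == "to") { ext = $(i + 1); sub(/\/32$/, "", ext) }
                if ($i == "->") dst = $(i + 1)
            }
            if (ext != "" && dst != "") { order[++n] = ext; target[ext] = dst }
        }
        # pf translates before it filters, so the pass rule has to name the
        # internal (post-rdr) address, as the rule in the thread does.
        $1 == "pass" && $2 == "in" {
            for (i = 1; i < NF; i++) if ($i == "to") passed[$(i + 1)] = 1
        }
        END {
            for (k = 1; k <= n; k++) {
                ext = order[k]; dst = target[ext]
                if (!(ext in bound)) { print "rdr to " ext ": no alias on external interface"; bad = 1 }
                if (!(dst in passed)) { print "rdr to " ext ": no pass in rule for " dst; bad = 1 }
            }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample: the web server from the thread plus a second, hypothetical
# host (1.2.3.6 -> 192.168.2.53) whose alias and pass rule were forgotten.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'inet alias 1.2.3.5 255.255.255.255' > "$dir/hostname.fxp0"
    cat > "$dir/pf.conf" <<'EOF'
rdr on fxp0 proto tcp from any to 1.2.3.5/32 port www -> 192.168.2.52 port www
rdr on fxp0 proto tcp from any to 1.2.3.6/32 port www -> 192.168.2.53 port www
pass in on fxp0 inet proto tcp from any to 192.168.2.52 port www keep state
EOF
    rc=0; check_dmz_rdr "$dir/hostname.fxp0" "$dir/pf.conf" || rc=$?
    rm -rf "$dir"; return "$rc"
}
demo || true
```

Run against the real /etc/hostname.<ext-if> and pf.conf before reloading the ruleset; an empty result means every redirected address has both its alias and its pass rule.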