Hello All,

I have set up PF on an OpenBSD 3.3 box; the NAT and
binat are working fine. But I can't redirect the
traffic to the local server. I did this before when I
used OpenBSD 3.0. Here is the pf.conf file:

 

********pf.conf***********

# macros
int_if = "fxp1"
ext_if = "fxp0"
tcp_services = "{ 21, 25, 80, 1723 }"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# options
#set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
binat on $ext_if from 10.0.0.3 to any -> 123.123.123.123
binat on $ext_if from 10.0.0.4 to any -> 234.234.234.234
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to 123.123.123.123 port 80 -> \
    10.0.0.3 port 80
rdr on $ext_if proto tcp from any to 123.123.123.123 port 80 -> \
    10.0.0.3 port 21
rdr on $ext_if proto tcp from any to 123.123.123.123 port 80 -> \
    10.0.0.3 port 25
rdr on $ext_if proto tcp from any to 234.234.234.234 port 1723 -> \
    10.0.0.4 port 1723
rdr on $ext_if proto 47 from any to 234.234.234.234 -> 10.0.0.4

# filter rules
block all
block in on $ext_if all
pass quick on lo0 all

# active spoofing protection for the internal interface
#antispoof quick for $int_if

block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto 47 from any to 234.234.234.234 keep state
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
pass out on $ext_if proto 47 all keep state


Is there any idea that can help?

Thanks

Eric
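
Added example (not part of the original message): a small lint for rule sets like the one above, based on two behaviours documented in pf.conf(5): the first matching translation rule decides, and filter rules see packets after translation. The function names, the regular expressions and the trimmed sample are assumptions made for this illustration; the checks are textual heuristics, not a pf parser.

```python
import re

# Constructed sample: the external rdr rules and one pass-in rule from the
# post above, with the e-mail line wraps rejoined.
SAMPLE = r'''
ext_if = "fxp0"
rdr on $ext_if proto tcp from any to 123.123.123.123 port 80 -> \
    10.0.0.3 port 80
rdr on $ext_if proto tcp from any to 123.123.123.123 port 80 -> \
    10.0.0.3 port 21
rdr on $ext_if proto tcp from any to 123.123.123.123 port 80 -> \
    10.0.0.3 port 25
rdr on $ext_if proto tcp from any to 234.234.234.234 port 1723 -> \
    10.0.0.4 port 1723
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port { 21, 25, 80, 1723 } flags S/SA keep state
'''

RDR = re.compile(r'^rdr on (\S+) proto (\S+) from \S+ to (\S+)(?: port (\S+))? -> (\S+)')
PASS_IN = re.compile(r'^pass in on (\S+) .*? to (\S+)')

def logical_lines(text):
    """Join backslash continuations, then expand simple name = "value" macros."""
    macros, out = {}, []
    for line in re.sub(r'\\\n\s*', '', text).splitlines():
        line = line.strip()
        m = re.match(r'^(\w+)\s*=\s*"(.*)"$', line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif line and not line.startswith('#'):
            out.append(re.sub(r'\$(\w+)', lambda v: macros.get(v.group(1), v.group(0)), line))
    return out

def lint(text):
    """Return (shadowed rdr rules, rdr targets no pass-in rule names as destination)."""
    lines = logical_lines(text)
    seen, shadowed, targets = set(), [], set()
    for ln in lines:
        m = RDR.match(ln)
        if not m:
            continue
        key = m.groups()[:4]              # interface, proto, destination, port
        if key in seen:
            shadowed.append(ln)           # an earlier rule already takes this traffic
        else:
            seen.add(key)
            targets.add((m.group(1), m.group(5)))
    # Heuristic: compare the literal destination of each "pass in" rule.
    allowed = {(m.group(1), m.group(2)) for m in map(PASS_IN.match, lines) if m}
    unfiltered = sorted(t for i, t in targets
                        if (i, t) not in allowed and (i, 'any') not in allowed)
    return shadowed, unfiltered
```

On the sample, `lint(SAMPLE)` reports the second and third port 80 rules as shadowed and lists both internal hosts as redirect targets that no `pass in` rule names.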


