On Tuesday 22 January 2008 11:07:05 you wrote:
> Hi,
>
> In your rule you have :
> rdr on $IntIF inet proto tcp from any to 80.17.9.12 port 5280 ->
> 192.168.11.3 port 5280
>
> instead of $IntIF you should have $ExtIF, no?
>
> because your rule says :
>
> pass in quick on $ExtIF inet proto tcp from any to any port 5280 keep state
>

I actually have both $IntIF and $ExtIF being redirected.

> > # ejabberd redirects
> > rdr on $ExtIF inet proto tcp from any to 80.17.9.12 port 5280 ->
> > 192.168.11.3 port 5280
> > rdr on $IntIF inet proto tcp from any to 80.17.9.12 port 5280 ->
> > 192.168.11.3 port 5280

In the rules I posted, I was only using a quick on the external interface,
however at earlier points I had two 'pass in quick' rules, covering both
interfaces. It probably got removed whilst trying out different combinations.

As a follow-up, however, I now have some success. I've been testing the
remote interface from work, which blocks unknown outgoing ports (5280
included), so the rule I actually had was to redirect a different
external port, one allowed by work's firewall, onto 5280 internally.

I was using port 21 (ftp), since I know that was allowed. Having just
changed that to 5223, it has started working. My understanding from the
FAQ was that this shouldn't make any difference, since the filter rules
'see' the port after the rdr has been applied, so the 'pass in quick'
for port 5280 should kick in even though it has come in on port 21.

My reading of the FAQ could be wrong (likely), or maybe lynx just
doesn't like being told to use port 21 for http. Apologies for any
confusion caused by me trying to simplify.

I haven't had a chance to look at the internal rules yet, but
hopefully sometime soon.

-- 
Be seeing you,                         http://www.glendale.org.uk
Sam.                        Mail/IM (Jabber): [EMAIL PROTECTED] 
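
The rdr/filter ordering the message relies on, written out as a minimal pf.conf fragment. This is an added example for readers of the thread, not the poster's actual ruleset; the interface names, the macro names and the choice of 5223 as the externally exposed port are assumptions, while 80.17.9.12 and 192.168.11.3 are the addresses from the quoted rules. It uses the pre-OpenBSD 4.7 `rdr`/`pass` syntax that the thread is discussing.

```pf
# Added example, not the original poster's configuration.
# Interface names and macros are assumed for illustration.
ExtIF   = "fxp0"
IntIF   = "fxp1"
ExtAddr = "80.17.9.12"      # public address from the quoted rdr rule
Jabber  = "192.168.11.3"    # internal ejabberd host from the quoted rdr rule

# Translation step: a connection arriving on the public address at an
# externally permitted port (5223 here) is rewritten to the ejabberd
# HTTP port 5280 on the internal host.
rdr on $ExtIF inet proto tcp from any to $ExtAddr port 5223 -> $Jabber port 5280

# Filtering runs after translation in this pf generation, so the pass rule
# matches the *translated* destination address and port, not the port the
# packet arrived on. A rule written "to $ExtAddr port 5223" would never match.
pass in quick on $ExtIF inet proto tcp from any to $Jabber port 5280 keep state
```

Two checks worth running before blaming the rules: `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sn` followed by `pfctl -sr` shows the translation and filter rules as pf actually holds them, so a `pass in quick` that was dropped while experimenting shows up immediately. Two caveats: an `rdr` on the internal interface alone is normally not enough for clients on the same LAN as the server, because the server answers those clients directly and bypasses the firewall; the pf FAQ's "Redirection and Reflection" section covers the extra `nat` rule or split DNS needed there. And on OpenBSD 4.7 and later the two rules above collapse into one, `pass in on $ExtIF inet proto tcp from any to $ExtAddr port 5223 rdr-to $Jabber port 5280`, with the filter match written against the pre-translation address.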
