Re: PF rdr question

2009-09-23 Thread Ari Constancio
On Wed, Sep 23, 2009 at 5:59 PM, Matthew Young myoung24...@gmail.com wrote:
 Hello,

 I've been trying to do redirection, this time with a very minimal procedure
 as follows.


 # cat /etc/pf.conf

 t_externa = re0
 server = 208.99.249.95
 rdr on $t_externa proto tcp from any to any port 80 -> $server

 # cat /etc/sysctl.conf
 net.inet.ip.forwarding=1
 net.inet6.ip6.forwarding=1


 This is the state log:
  STATES:   all tcp 208.99.249.95:80 (77.46.79.232:80) - 180.10.98.2:60011 CLOSED:SYN_SENT

  180.10.98.2 is my IP, 77.46.79.232 is the box with pf, and 208 is the box
  I am trying to redirect to. Why would this be failing?

 Thank you

 --Matt


Hello,

From http://www.openbsd.org/faq/pf/rdr.html :
NOTE: Translated packets must still pass through the filter engine
and will be blocked or passed based on the filter rules that have been
defined. 

Regards,
Ari Constancio
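
The FAQ note quoted above, as an added example that is not part of the original posts: a pre-4.7 pf.conf that pairs the redirect with filter rules written against the translated destination. The macro names and addresses are taken from the question; the `nat` line and the default-deny rule are assumptions about the setup, not something either poster wrote.

```pf
# Added example, pre-4.7 pf.conf syntax (separate rdr/nat rules), matching
# the era of this thread. Macros and addresses come from the question.
t_externa = "re0"
server    = "208.99.249.95"

# --- translation ---
# Assumption: $server is NOT behind this box. Without source translation its
# replies go straight back to the client, which never sent a SYN to $server
# and drops them. Rewriting the source keeps the return path through pf.
nat on $t_externa proto tcp from any to $server port 80 -> ($t_externa)
rdr on $t_externa proto tcp from any to any port 80 -> $server

# --- filtering ---
# Assumed default deny with logging, so a missing pass rule shows up in pflog.
# Other services on this box (ssh, for instance) need their own pass rules.
block log all

# rdr has already rewritten the destination by the time the filter runs, so
# the inbound rule has to match $server, not the firewall's own address.
pass in  on $t_externa proto tcp from any to $server port 80

# The redirected connection leaves again on the same interface and needs its
# own outbound rule (and state).
pass out on $t_externa proto tcp from any to $server port 80
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `tcpdump -n -e -ttt -i pflog0` shows which rule dropped a packet once the ruleset is active.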



Re: RDR question

2008-04-14 Thread Dorian Büttner

Monah Baki wrote:

rdr on $ext_if proto tcp from 192.168.2.0/24 to any port 80 -> \
127.0.0.1 port 5000
  


You changed the 'to'-part from 'to $ext_if' to 'to any', yes, but you 
also modified the 'rdr on' device to $ext_if. Why not leave it $int_if 
as before? Should work here?




RDR question

2008-04-13 Thread Monah Baki
Hi all,

I'm running OpenBSD on a soekris box 4.3 current.

sis0=192.168.3.32
sis1=192.168.2.1

I have a proxy server IP address 192.168.3.106

I want a rule to have all users on the .2 network to go thru the proxy.


Tried the following in /etc/inetd.conf

127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w \
   20 192.168.3.106 8080


rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
   127.0.0.1 port 5000

I can access websites but thing is the proxy server is running DansGuardian
on 8080 and I do not see a denied page when I access unwanted
sites.

Thanks

BSD Networking, Microsoft Notworking



Re: RDR question

2008-04-13 Thread Dorian Büttner

Monah Baki wrote:


rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
   127.0.0.1 port 5000

  


unless you host the unwanted sites on $ext_if, you may try to any 
instead and let us know?




Re: RDR question

2008-04-13 Thread Monah Baki
Hi,

It did not work, I get a blank page on all URLs.

Here's my pf.conf real basic.

ext_if=sis0
int_if=sis1

#table <spamd-white> persist

set skip on lo

#scrub in
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
#rdr-anchor relayd/*

nat on $ext_if from $int_if:network to any -> $ext_if
# rdr pass on $ext_if proto tcp to port 80 -> 192.168.3.106 port 8080
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from 192.168.2.0/24 to any port 80 -> \
127.0.0.1 port 5000
rdr on $ext_if proto tcp from any to $ext_if -> 192.168.3.106 port 8080
#no rdr on $ext_if proto tcp from <spamd-white> to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
#   -> 127.0.0.1 port spamd
anchor ftp-proxy/*
# block all
pass out


Thanks







On Apr 13, 2008, at 1:59 PM, Dorian Büttner wrote:
Monah Baki wrote:

rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
   127.0.0.1 port 5000



unless you host the unwanted sites on $ext_if, you may try to any
instead and let us know?


BSD Networking, Microsoft Notworking



Re: rdr question

2008-02-14 Thread Michael
Hi,

Monah Baki wrote:
 rdr pass on $ext_if proto tcp to port 8080 -> 192.168.3.105 port 8080
 rdr pass on x.x.x.x proto tcp to port 8080 -> 192.168.3.106 port 8080
 
 From outside my network if I enter in my browser proxy setting x.x.x.x
 8080 which is the alias, I get redirected to the proxy 192.168.3.105 not
 the 106.
 If I comment rdr pass on $ext_if proto tcp to port 8080 -> 192.168.3.105
 port 8080 then it works fine, my rdr rule works.

Since x.x.x.x also belongs to $ext_if only the first RDR rule is
taken... maybe change it like this:


rdr pass on $ext_if proto tcp to ($ext_if:0) port 8080 \
   -> 192.168.3.105 port 8080
rdr pass on $ext_if proto tcp to x.x.x.x port 8080 \
   -> 192.168.3.106 port 8080


($ext_if:0) is the main IP of the interface


Michael



Re: rdr question

2005-07-27 Thread Mark Prins
Stuart Henderson  scribbled on :

 --On 27 July 2005 00:27 +0200, GV wrote:

 In general I would like to have one static IP where more than one
 domains are  registered and for each domain a different internal web
 server should serve  the incoming requests!
 
 No, you need some kind of 'reverse-proxy' to do this type of thing
 (maybe pound, tinyproxy 1.70, or squid in accelerator-mode). It would
 run on either the PF box or another box that you rdr to.

httpd with mod_proxy enabled does this just fine for http; https is
problematic...

-- 
Mark C. Prins
Spatial Fusion Specialist / Network Specialist
SkypeMe@ callto:mark.prins-caris.nl













rdr question

2005-07-26 Thread GV
Hi list,

is it possible to have the following:

rdr on $ext_if proto tcp from any to any port 80 -> $server

re-written as:

rdr on $ext_if proto tcp from any to domain.com port 80 -> $server

where $server is an internal web server and domain.com a specific domain
name?

In general I would like to have one static IP where more than one domains are 
registered and for each domain a different internal web server should serve 
the incoming requests!

Thanks

George



Re: rdr question

2005-07-26 Thread Stuart Henderson

--On 27 July 2005 00:27 +0200, GV wrote:


is it possible to have the following:

rdr on $ext_if proto tcp from any to any port 80 -> $server

re-written as:

rdr on $ext_if proto tcp from any to domain.com port 80 -> $server

where $server is an internal web server and domain.com a specific
domain name?

In general I would like to have one static IP where more than one
domains are  registered and for each domain a different internal web
server should serve  the incoming requests!


No, you need some kind of 'reverse-proxy' to do this type of thing 
(maybe pound, tinyproxy 1.70, or squid in accelerator-mode). It would 
run on either the PF box or another box that you rdr to.