Nick,
Indeed Working.
Thanks.
>>
>> May be a dumb question, but do you have net.inet.ip.forwarding=1 set?
>>
>
> Neither can I believe I had forgotten it, but I think you nailed it.
> Will test Monday and let you know.
>
> Thanks in advance.
>
> -fm
>
>>
>> tcpdump of a successful test connection:
>>
>
> May be a dumb question, but do you have net.inet.ip.forwarding=1 set?
>
Neither can I believe I had forgotten it, but I think you nailed it.
Will test Monday and let you know.
Thanks in advance.
-fm
>
> tcpdump of a successful test connection:
> c.c.c.c = remote test client on internet
> r.r.r.r
On 2/14/2020 11:21 AM, Fabio Martins wrote:
I am trying now only with the redirect to www.openbsd.org, if it works, I
am sure it can be adapted to my case.
Unfortunately still no success.
# pf.conf:
ext_if="xnf0"
match in log on $ext_if proto tcp from any to ($ext_if) port 8099 tag RDR \
rdr-to 129.128.5.194 port 80
match out log on $
Hi Fabio (xará),
Apparently I achieved this with these rules:
--
pass out log on hvn0 inet proto tcp from any port 1024:65535 to 8.8.8.8
port = flags S/SA label "TESTE LISTA"
pass in on hvn0 inet proto tcp from any port 1024:65535 to 10.101.0.17 port
= 25 flags S/SA label "TESTE LISTA" tag TES
On 2/14/2020 6:30 AM, Fabio Martins wrote:
Hi Nick,
Thanks. I applied both rules below, unfortunately I am still only hitting
rule number #1 (rdr-to). nat-to is never reached (added "log" on each to
test). I tried inverting the order, too, but no luck.
#1
match in on $ext_if proto tcp from to ($ext_if) port 25 \
rdr-to 200.200.200.200
Hi Fabio,
I believe this will do what you want, seemed to work in quick testing
here, adjust to suit your environment.
match in on $ext_if proto tcp from to ($ext_if) port 25
rdr-to 200.200.200.200 port
match out on $ext_if proto tcp to 200.200.200.200 port received-on
$ext_if na
Hi,
I am trying to redirect + NAT incoming packets without the need of a TCP
Proxy.
Currently I have the following setup to redirect hosts abusing SMTP to an
email trap:
inetd listening in 127.0.0.1:8000 and redirecting to an external host
# inetd.conf
127.0.0.1:8000 stream tcp nowait _inetd