On Thu, May 22, 2008 at 03:42:45PM -0400, Chris Smith wrote:
> Are there some limitations to what rules can apply labels? I'm trying to
> add a label to a rdr rule but keep getting a syntax error.
When I have this question, I search from the bottom of the pf.conf
manpage up (
Are there some limitations to what rules can apply labels? I'm trying to
add a label to a rdr rule but keep getting a syntax error.
Thanks.
--
Chris
On Mar 24, 2005, at 8:55 PM, Daniel Hartmeier wrote:
On Thu, Mar 24, 2005 at 08:36:31PM -0500, Jim Fron wrote:
# pfctl -sn
No errors...
Can you please post the verbatim output of pfctl -vvsn?
Interesting:
With rules as posted:
@0 nat on le1 inet from 192.168.1.0/24 to any -> 69.241.239.150
[ Eva
On Mar 24, 2005, at 8:55 PM, Daniel Hartmeier wrote:
Can you please post the verbatim output of pfctl -vvsn?
Got it. Unlike /bin/sh, which does NOT concatenate a comment
line ending in \ with the following line, pf.conf considers
# foo \
bar
to be a multi-line comment. Hence, in t
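The comment-continuation trap above, as an added illustration that is not part of the thread and not pfctl's own lexer: it models the two orders of operations (pfctl splices backslash-newline before it strips `#` comments; /bin/sh ends the comment at the newline) over a constructed ruleset in which the rdr rule follows a comment ending in a backslash. Function names and the sample ruleset are made up for this example.

```python
"""Model of why a pf.conf comment ending in a backslash swallows the next
line: pfctl splices backslash-newline pairs at the character level, before
it looks for '#'.  Added illustration, not pfctl's code; the ruleset below
is constructed."""


def join_continuations(text: str) -> str:
    """Splice every backslash-newline pair, as pfctl's lexer does before it
    knows whether it is inside a comment."""
    return text.replace("\\\n", "")


def strip_comments(text: str) -> list[str]:
    """Drop everything from '#' to end of line, then drop blank lines."""
    lines = (line.split("#", 1)[0].strip() for line in text.split("\n"))
    return [line for line in lines if line]


def pf_logical_lines(text: str) -> list[str]:
    """pf.conf order: continuation first, comment stripping second."""
    return strip_comments(join_continuations(text))


def sh_logical_lines(text: str) -> list[str]:
    """/bin/sh order: a '#' comment ends at the newline, so a backslash
    inside it is plain comment text and joins nothing."""
    uncommented = "\n".join(line.split("#", 1)[0] for line in text.split("\n"))
    return strip_comments(join_continuations(uncommented))


def swallowed_by_comment(text: str) -> list[str]:
    """Rules a shell-minded reader expects to be loaded but pfctl never sees
    (which is why `pfctl -sn` reports no error and no rdr rule)."""
    seen = set(pf_logical_lines(text))
    return [line for line in sh_logical_lines(text) if line not in seen]


# Constructed ruleset: the trailing backslash on the comment is the bug.
RULESET = """\
ext_if = "em0"
# redirect ftp to the proxy \\
rdr on $ext_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
pass in on $ext_if proto tcp from any to 127.0.0.1 port 8021
"""

if __name__ == "__main__":
    for line in swallowed_by_comment(RULESET):
        print("silently dropped:", line)
```

Run against the constructed ruleset, `pf_logical_lines` returns only the macro and the pass rule; the rdr rule has become part of the comment, which matches the symptom in the thread (a clean load with the translation rule missing from `pfctl -sn`).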
On Thu, Mar 24, 2005 at 08:36:31PM -0500, Jim Fron wrote:
> > # pfctl -sn
>
> No errors...
Can you please post the verbatim output of pfctl -vvsn?
Daniel
It's probably some simple mistake in manipulating the ruleset. Make sure
you have both filter and translation rules loaded successfully, i.e. run
# pfctl -sn
No errors...
and check whether rdr rule is correctly loaded like you intend.
Check.
One somewhat obscure mistake is to run "p
On Mon, Mar 21, 2005 at 10:11:31PM -0500, Jim Fron wrote:
> Any thoughts as to what I'm doing wrong?
It's probably some simple mistake in manipulating the ruleset. Make sure
you have both filter and translation rules loaded successfully, i.e. run
# pfctl -sn
and check whethe
Rule question:
http://www.openbsd.org/faq/pf/rdr.html
"NOTE: Translated packets must still pass through the filter engine and
will be blocked or passed based on the filter rules that have been
defined.
"The only exception to this rule is when the pass keyword is used
within the
rd
valid rule for the ftp-proxy rdr rule:
rdr on em0 proto tcp \
from { !152.12.29.195 , 152.12.0.0/16 } \
to any port 21 -> 127.0.0.1 port 8021
I've made the change to pf.conf, flushed rules, state & nat and reloaded
pf.conf, but when monitoring pflog0 during the ftp session I stil
Clears things up. Moved list to a table and all works as expected.
Thanks
SM
-Original Message-
From: Daniel Hartmeier [mailto:[EMAIL PROTECTED]
Sent: Monday, November 08, 2004 8:43 PM
To: Maat, Steve
Cc: [EMAIL PROTECTED]
Subject: Re: RDR rule for ftp-proxy
On Mon, Nov 08, 2004 at 05
On Mon, Nov 08, 2004 at 05:21:46PM -0500, Maat, Steve wrote:
> rdr on em0 proto tcp \
> from { !152.12.29.195 , 152.12.0.0/16 } \
> to any port 21 -> 127.0.0.1 port 8021
This is a frequently asked question, which the FAQ didn't answer so far,
the following paragraph was just added:
y ftp-proxy takes over
the ftp-session. I am not sure if they cannot handle the change in the
tcp/ip address or if it's a port issue (XP with SP2 firewall = BAD, XP
without SP2 firewall = good)
Anyway, is this a valid rule for the ftp-proxy rdr rule:
rdr on em0 proto tcp \
from { !152
ahhh *lightbulb*
Thanks Daniel!
--Bryan
On Fri, 10 Sep 2004 01:27:13 +0200, Daniel Hartmeier
<[EMAIL PROTECTED]> wrote:
> On Thu, Sep 09, 2004 at 03:21:25PM -0700, Bryan Irvine wrote:
>
> > anyone know why this rule doesn't work?
>
> Because of the way {} lists are simply expanded by pfc
On Thu, 2004-09-09 at 18:21, Bryan Irvine wrote:
> anyone know why this rule doesn't work?
>
> I've read and re-read the pf users guide but this specific example
> isn't covered.
>
> ftpservers = "{" ftp.kingcountyjournal.com intranet,kingcountyjournal.com "}"
On Thu, Sep 09, 2004 at 03:21:25PM -0700, Bryan Irvine wrote:
> anyone know why this rule doesn't work?
Because of the way {} lists are simply expanded by pfctl into multiple
rules. If it were accepted,
rdr from any to ! { a, b } -> c
would become (be equivalent to)
rdr from any to ! a ->
anyone know why this rule doesn't work?
I've read and re-read the pf users guide but this specific example
isn't covered.
ftpservers = "{" ftp.kingcountyjournal.com intranet,kingcountyjournal.com "}"
rdr on $LANS proto tcp from any to ! $ftpservers port ftp ->
$localhost port ftp-proxy
--Bryan
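An added model of the `{}` expansion Daniel describes, serving both this thread (`to ! { a, b }`) and the earlier ftp-proxy thread (`from { !152.12.29.195 , 152.12.0.0/16 }`, fixed by moving the list to a table). This is illustration code written for this page, not pfctl's; it models only the address test of a translation rule (first match wins, other rule fields ignored) and uses constructed addresses in place of the hostnames posted above. Helper names are made up; the table lookup follows pf.conf(5)'s documented longest-prefix rule for negated table entries.

```python
"""Why negation plus a {} list in a pf translation rule does not mean
'everything except these'.  Added illustration, not pfctl's code; the
addresses are constructed stand-ins."""
from ipaddress import ip_address, ip_network


def in_networks(cidrs):
    nets = [ip_network(c) for c in cidrs]
    return lambda addr: any(addr in n for n in nets)


def in_table(entries):
    """A pf table: longest-prefix lookup; when the winning entry is
    negated ('!10.0.0.5'), the address is NOT in the table."""
    parsed = [(e.startswith("!"), ip_network(e.lstrip("!"))) for e in entries]

    def lookup(addr):
        hits = [(n.prefixlen, neg) for neg, n in parsed if addr in n]
        return bool(hits) and not max(hits)[1]

    return lookup


# A rule is (negate, lookup): it applies when lookup(addr) != negate.
def expand_braces(members):
    """`{ !a, b }` -> one rule per member, each keeping its own '!':
    `!a` and then `b`, evaluated first-match."""
    return [(m.startswith("!"), in_networks([m.lstrip("!")])) for m in members]


def negated_braces(members):
    """`! { a, b }`, if pfctl accepted it, would expand to `! a`, `! b`."""
    return [(True, in_networks([m])) for m in members]


def table_rule(entries, negate=False):
    """`<tbl>` or `! <tbl>` stays ONE rule over the whole set."""
    return [(negate, in_table(entries))]


def redirected(rules, addr):
    """Translation rules are first-match: does any rule apply to addr?"""
    a = ip_address(addr)
    return any(lookup(a) != negate for negate, lookup in rules)


# Constructed stand-ins for the two ftp servers in Bryan's macro.
FTP_SERVERS = ["10.0.1.5", "10.0.1.6"]
# Steve's list and the table that replaces it.
LAN_LIST = ["!152.12.29.195", "152.12.0.0/16"]
LAN_TABLE = ["152.12.0.0/16", "!152.12.29.195"]

if __name__ == "__main__":
    for label, rules in [("! { a, b }", negated_braces(FTP_SERVERS)),
                         ("! <ftpservers>", table_rule(FTP_SERVERS, negate=True)),
                         ("{ !host, net/16 }", expand_braces(LAN_LIST)),
                         ("<lan> with !host", table_rule(LAN_TABLE))]:
        for addr in ["10.0.1.5", "203.0.113.9", "152.12.29.195", "198.51.100.7"]:
            print(f"{label:18} {addr:15} redirected={redirected(rules, addr)}")
```

With `! { a, b }`, address `a` fails the `! a` rule but matches the `! b` rule, so every destination is redirected; `! <ftpservers>` tests membership in the set once and excludes both. Likewise `{ !152.12.29.195 , 152.12.0.0/16 }` expands to a first rule `from ! 152.12.29.195` that matches hosts outside the /16 too, and the excluded host still hits the second rule; a table with a negated entry gives the intended "the /16 minus that host".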
ia [mailto:[EMAIL PROTECTED]
Sent: Monday, 3 May 2004 20.03
To: Gabriele Oleotti; [EMAIL PROTECTED]
Subject: Re: help with rdr rule
Gabriele:
A) Did you test the redirection on simpler rules like
rdr proto tcp from any to $wwwserver_ext port 80 -> $wwwserver_int port 80
If it works, then test
Gabriele:
A) Did you test the redirection on simpler rules like
rdr proto tcp from any to $wwwserver_ext port 80 -> $wwwserver_int port 80
If it works, then test your rules
B) Re-check if $wwwserver_int has your BSD Firewall as his Default GW
C) Debug with tcpdump the packets run a tcpdump po
Hello everybody,
I have the following problems (it's about 5 days I'm working on it) and I'm not able
to solve. I have a web server on a Win2k + IIS on my internal network that is working
fine, and I want it to be accessible from the internet through my OpenBSD box (which
has a public IP.)
The