[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TCP Reflection (continued)

which interface (dc0 or dc1) contains $server ( ip address ?

Daniel Hartmeier wrote:
On Thu, Oct 31, 2002 at 01:26:36PM -0500, Jason Dixon wrote:
nat on $int_if proto tcp from $int_net to $server port 80 -> $int_if 
/etc/nat.conf:22: syntax error 
pfctl: syntax error in file: nat rules not loaded 

Yes, pf in 3.1 doesn't allow to specify ports in nat rules, that was
added after 3.1-release...
The client appears to connect to the proxy just fine, based on the
output of "pfctl -ss", netstat, and tcpdump.  However, it appears that
the firewall is not translating the destination, as tcpdump on the
server shows a source address of

dc1 does have netmask assigned, right? From
the firewall, you should be able to 'telnet 80' and get a
working connection. If that works, add the inetd.conf line as mentioned
in the faq. Then, again on the firewall itself, run 'telnet
80', which should work, too. Then add the rdr as mentioned and telnet to
the _external_ address of the firewall, port 80, from a local machine.

Kayra.NET Internet ve Bilisim Hizmetleri Ltd. Sti.
Menekse-2 Sokak No:29/15 Kizilay/Ankara 06440 TURKEY
Tel: 312.419.2836 Fax: 312.419.2837 M: 532.548.2830