On Thu, Oct 31, 2002 at 01:26:36PM -0500, Jason Dixon wrote:
nat on $int_if proto tcp from $int_net to $server port 80 -> $int_if
/etc/nat.conf:22: syntax error
pfctl: syntax error in file: nat rules not loaded
Yes, pf in 3.1 doesn't allow to specify ports in nat rules, that was
added after 3.1-release...
The client appears to connect to the proxy just fine, based on the
output of "pfctl -ss", netstat, and tcpdump. However, it appears that
the firewall is not translating the destination, as tcpdump on the
server shows a source address of 127.0.0.1.
dc1 does have 192.168.1.0 netmask 255.255.255.0 assigned, right? From
the firewall, you should be able to 'telnet 192.168.1.20 80' and get a
working connection. If that works, add the inetd.conf line as mentioned
in the faq. Then, again on the firewall itself, run 'telnet 127.0.0.1
80', which should work, too. Then add the rdr as mentioned and telnet to
the _external_ address of the firewall, port 80, from a local machine.