
OpenBSD 3.2 & DNS.


Thanks for all suggestions, but alas I'm still brain dead and can't see the forest for the trees.

I'm enclosing the contents of pf.conf. Maybe someone can see something that I'm completely missing - ARGH!!!

# ne3 = External Net xxx.xxx.xxx.0/255.255.252.0
# vr0 = Internal Net yyy.yyy.yyy.0/255.255.255.0

 FTPPORTS = "{ 55000 >< 57000 }"

# NORMALIZE the Universe
 scrub in all

# NAT:
 nat on ne3 inet from yyy.yyy.yyy.0/24 to any -> ne3

# RDR:

 rdr on vr0 proto tcp from any to any port 21 -> 127.0.0.1 port 8081
 rdr on ne3 proto tcp from any to xxx.xxx.xxx.0/24 port 21  -> \
        yyy.yyy.yyy.249 port 21
 rdr on ne3 proto tcp from any to xxx.xxx.xxx.0/24 port   25 -> \
        yyy.yyy.yyy.250 port 25
 rdr on ne3 proto tcp from any to xxx.xxx.xxx.0/24 port  110 -> \
        yyy.yyy.yyy.250 port 110
 rdr on ne3 proto tcp from any to xxx.xxx.xxx.0/24 port   80 -> \
        yyy.yyy.yyy.249 port 80
 rdr on ne3 proto tcp from any to xxx.xxx.xxx.0/24 port  1723 -> \
        yyy.yyy.yyy.250 port 1723
 rdr on ne3 proto { tcp, udp } from any to xxx.xxx.xxx.0/24 port 53 -> \
        yyy.yyy.yyy.250 port 53

# FILTER: the implicit first two rules are (used for testing...)
 pass in all
 pass out all

# DNS ???
 pass out on ne3 inet proto tcp from any to any port = 53 modulate state
 pass out on ne3 inet proto udp from any to any port = 53 keep state

# block in log all


# allow incoming connections
 pass  in on ne3 inet proto tcp from any to yyy.yyy.yyy.yyy port 1723 keep state
 pass  in on ne3 inet proto gre from any to yyy.yyy.yyy.yyy keep state
 pass out on ne3 inet proto gre from any to any keep state
 pass  in on ne3 inet proto tcp from any to any port 22 keep state
 pass out on ne3 inet proto { tcp, udp } all keep state
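An added example, not part of the original post: a small Python lint run over a constructed stand-in for the pf.conf above (the xxx/yyy placeholders replaced with documentation addresses) that flags the two things a reviewer would check before chasing the DNS symptom: that `pass in all` / `pass out all` are live while `block in log all` is commented out, so the ruleset's default policy is pass, and that the header comment documents ne3 as 255.255.252.0 (a /22) while the rdr rules redirect only a /24. The regexes and the sample text are this example's own assumptions, not pf's parser.

```python
import ipaddress
import re

# Constructed stand-in for the pf.conf quoted in the post: the xxx/yyy
# placeholders are replaced with RFC 5737 / RFC 1918 documentation addresses.
PF_CONF = """\
# ne3 = External Net 203.0.112.0/255.255.252.0
# vr0 = Internal Net 192.168.1.0/255.255.255.0
scrub in all
nat on ne3 inet from 192.168.1.0/24 to any -> ne3
rdr on vr0 proto tcp from any to any port 21 -> 127.0.0.1 port 8081
rdr on ne3 proto tcp from any to 203.0.112.0/24 port 21 -> \\
        192.168.1.249 port 21
rdr on ne3 proto { tcp, udp } from any to 203.0.112.0/24 port 53 -> \\
        192.168.1.250 port 53
pass in all
pass out all
# block in log all
pass in on ne3 inet proto tcp from any to any port 22 keep state
"""

# Header comments of the form "# ne3 = External Net A.B.C.D/MASK" (assumed layout).
IFACE_RE = re.compile(r"^#\s*(\w+)\s*=\s*\w+ Net\s+([^/\s]+)/(\S+)")
# "rdr on IFACE ... to DEST port ..." (only the fields the check needs).
RDR_RE = re.compile(r"^rdr on (\w+) .*?\bto (\S+) port")


def lint(conf):
    """Return a list of findings for a pf.conf of the shape quoted in the post."""
    # Join pf's backslash line continuations, then drop blank lines.
    lines = [l.strip() for l in conf.replace("\\\n", " ").splitlines() if l.strip()]
    declared = {}  # interface -> network documented in the header comments
    for line in lines:
        m = IFACE_RE.match(line)
        if m:
            declared[m.group(1)] = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
    rules = [l for l in lines if not l.startswith("#")]  # commented-out rules are not loaded
    findings = []
    # Check 1: with no active 'block' rule, whatever nothing else matches is passed.
    if not any(r.startswith("block") for r in rules):
        findings.append("no active block rule: default policy is pass")
    findings += [f"unrestricted rule live: '{r}'" for r in rules if re.fullmatch(r"pass (in|out) all", r)]
    # Check 2: rdr destination networks should agree with the documented interface network.
    for r in rules:
        m = RDR_RE.match(r)
        if not m or m.group(2) == "any" or m.group(1) not in declared:
            continue
        net = ipaddress.ip_network(m.group(2), strict=False)
        if net != declared[m.group(1)]:
            findings.append(f"rdr on {m.group(1)} matches {net} but interface is documented as {declared[m.group(1)]}")
    return findings
```

Running lint(PF_CONF) on the stand-in reports the pass-by-default policy, the two unrestricted rules and the two rdr rules whose /24 does not cover the documented /22.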