
help with rdr'ing port 23 to 80



Hi
I have a question that seems seemingly simple, but I
can't seem to get rdr working properly.  Here is some
info...  I thought I followed along correctly from the
PF FAQ, and also I've stared at rdr in Absolute
OpenBSD, but doesn't seem to work.  Maybe it is just
my testing method?
Side note: I have to use dyndns.org's port redirection
(to cloak URLs) due to my ISP blocking requests to
:80.  If I comment out the rdr, and start apache on my
firewall (apache listening on port 23 as well as 80),
and make a request to http://my.domain.org:23/ it
works.  If I stop apache, enable the rdr line, and
have apache running on 10.10.10.2:80, it doesn't work.
From 10.10.10.11, I can get the webpage
http://10.10.10.2:80/, but again can't get
http://my.domain.org:23/.  Would this be because I'm
on the internal network to begin with?  I'm sure this
wouldn't be a problem, but thought I'd mention it.
And I'm not seeing anything on pflog0, so not sure
where things are messing.  Any ideas/recommendations
please?  Or a suggestion on a better way I could think
through or debug this too.  Thanks.
b.

int_if = "fxp1"
ext_if = "fxp0"
tcp_services = "{ 22, 23, 80 }"
icmp_types = "echoreq"
webserver="10.10.10.2"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 }"
set block-policy return
set loginterface $ext_if
scrub in all
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 23 -> $webserver port 80
block log all
pass quick on lo0 all
block drop in  quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
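
Added example, not part of the original post: a simplified Python model of pf's translate-then-filter order applied to the inbound TCP rules of the ruleset above, tracing a connection to port 23 as it arrives on each interface. The external address, the outside client address and the 10.10.10.0/24 internal network are assumptions made for the illustration.

```python
# Simplified model of how pf evaluates the posted ruleset for an inbound TCP SYN.
# Assumptions (not from the post): EXT_IP and the outside client address are
# constructed documentation addresses; $int_if:network is taken as 10.10.10.0/24.
from ipaddress import ip_address, ip_network

EXT_IP, WEBSERVER = "203.0.113.1", "10.10.10.2"
INT_NET = ip_network("10.10.10.0/24")
PRIV_NETS = [ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12")]
TCP_SERVICES = {22, 23, 80}

def translate(iface, dst, dport):
    """rdr on $ext_if proto tcp from any to any port 23 -> $webserver port 80"""
    if iface == "ext" and dport == 23:
        return WEBSERVER, 80
    return dst, dport          # rdr is bound to $ext_if; other interfaces untouched

def filter_in(iface, src, dst, dport):
    """Inbound filter rules in file order: last match wins, 'quick' stops evaluation."""
    verdict = "block (logged)"                     # block log all
    if iface == "ext" and any(ip_address(src) in n for n in PRIV_NETS):
        return "block (quick)"                     # block drop in quick ... from $priv_nets
    if iface == "ext" and dst == EXT_IP and dport in TCP_SERVICES:
        verdict = "pass"                           # pass in on $ext_if ... to ($ext_if)
    if iface == "int" and ip_address(src) in INT_NET:
        verdict = "pass"                           # pass in on $int_if from $int_if:network
    return verdict

def evaluate(iface, src, dst, dport):
    """Translation runs first; the filter then sees the rewritten destination."""
    new_dst, new_dport = translate(iface, dst, dport)
    return {"dst": f"{new_dst}:{new_dport}",
            "verdict": filter_in(iface, src, new_dst, new_dport)}

if __name__ == "__main__":
    # Constructed test packets: an outside client and the poster's 10.10.10.11.
    for label, pkt in [("outside client", ("ext", "198.51.100.7", EXT_IP, 23)),
                       ("inside client ", ("int", "10.10.10.11", EXT_IP, 23))]:
        print(label, evaluate(*pkt))
```

In this model the outside connection is rewritten to 10.10.10.2:80 and then matches only "block log all", while the inside connection is never redirected and is passed by the $int_if rule without being logged.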