
PF RDR/NAT Questions.



What follows is my pf.conf:
#-------
# Macros
#-------
Content not important
scrub in all
#--------
# NAT
#--------
nat on $ext_if from $int_if:network to any ($ext_if)
rdr on $ext_if proto udp from any to ($ext_if) port 6666:7000 -> $udpserver port 6666:7000
rdr on $ext_if proto udp from any to ($ext_if) port 29200 -> $udpserver port 29200
#--------
# Filters
#--------
block log all
pass quick on lo0 all
block drop in quick on $ext_if from $private_networks to any
block drop out quick on $ext_if from any to $private_networks
pass in on $ext_if proto udp from any to $udpserver port { 6666:7000, 29200 }
pass in on $int_if proto udp from any to $udpserver port { 6666:7000, 29200 }
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto {udp, icmp} all keep state
pass out on $ext_if proto esp all keep state
----------------
I am trying to port forward a service that accepts UDP traffic on ports 6666 to 7000 and also 29200. However, there is a problem in my rule-set. I think that the problem exists in my filter/lack of filter rules. Can anybody help me with this, and perhaps show me how you would go about implementing these rules? I am just starting out with PF so any help at all would be appreciated.
As far as the pass rules for the rdr rules go, how do I visualize these?
For example, should I picture sitting inside the firewall, and accepting traffic into the firewall on both interfaces, and out of the firewall on both interfaces? Or is pass in on the internal interface passing traffic from the firewall into the internal network?
Frankie
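Below is how I would write the forwarding part of this ruleset, added here as an example and not Frankie's own file. It keeps the pre-4.7 nat/rdr syntax used in the post and assumes the macros from the elided "Macros" section; the interface names and server address are placeholders.

```pf
# Added example, not the original pf.conf. Placeholder macro values; the
# post's own macro section was left out.
ext_if = "fxp0"            # assumed external interface
int_if = "fxp1"            # assumed internal interface
udpserver = "192.168.1.10" # assumed LAN host running the UDP service
udp_ports = "{ 6666:7000, 29200 }"

scrub in all

# Translation is applied BEFORE filtering. A datagram that arrives in on
# $ext_if for ($ext_if):6666 has its destination rewritten to
# $udpserver:6666, so every filter rule below sees $udpserver, never the
# firewall's own address. The rdr also creates the state used to rewrite
# the server's reply back to ($ext_if) on its way out.
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto udp from any to ($ext_if) port 6666:7000 -> $udpserver port 6666:7000
rdr on $ext_if proto udp from any to ($ext_if) port 29200 -> $udpserver port 29200
# Note: rdr only sees packets entering on $ext_if, so LAN clients that
# connect to the external address are not redirected by these rules.

block log all
pass quick on lo0 all
block drop in quick on $ext_if from $private_networks to any
block drop out quick on $ext_if from any to $private_networks

# "in" and "out" are always relative to the firewall's own interface, not
# to the networks behind it. One forwarded datagram is filtered twice:
#   1. in  on $ext_if : Internet -> firewall, destination already $udpserver
#   2. out on $int_if : firewall -> LAN, the same packet leaving to the server
# The reply is filtered twice as well: in on $int_if, then out on $ext_if.
# Step 1 is the only rule the redirect needs that the post did not already
# have; keep state lets the matching reply traffic ride on the state entry
# rather than on a separate rule.
pass in on $ext_if proto udp from any to $udpserver port $udp_ports keep state

# Step 2 and the reply path are covered by the post's existing rules:
pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
pass out on $ext_if proto esp all keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and since everything unmatched is `block log`, `tcpdump -n -e -ttt -i pflog0` shows exactly which hop and direction a dropped datagram died on.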