Re: PF RDR/NAT Questions.
F Walls wrote:
> I am trying to port forward a service that accepts UDP traffic on
> ports 6666 to 7000 and also 29200. However, there is a problem in my
> rule-set. I think that the problem exists in my filter/lack of filter
> rules. Can anybody help me with this, and perhaps show me how you would
> go about implementing these rules? I am just starting out with Pf so any
> help at all would be appreciated.
> As far as the pass rules for the rdr rules go, how do I visualize these?
> For example should I picture sitting inside the firewall, and accepting
> traffic into the firewall on both interfaces, and out of the firewall on
> both interfaces? Or is pass in on the internal interface passing traffic
> from the firewall into the internal network?
Think of each interface as a doorway. Packets pass in and out of each
doorway independently of other doorways. For packets to reach your
internal server that come from the Internet, the packets pass "in" the
external door ($ext_if) and "out" the internal door ($int_if). Packets
in the reverse direction go in $int_if and out $ext_if.
Hopefully this simple (and somewhat silly :) analogy helps you visualize
Now throw stateful tracking on top of that. Stateful tracking is like
giving a packet a key that will open the door. When a packet tries to go
either in OR out on an interface, the state entry for that packet will
allow it to pass. And actually, the default behavior is that the state
entry will allow the packet to pass on *any* interface that it is moving
I hope this helps you.
All this information is also spread about in the documentation.
State tracking options:
Using rdr and filtering:
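As an added example (this is not code from the thread), here is how the rdr and pass rules for the setup in the question could be written in the rdr-style pf.conf syntax the thread uses, with the doorway model applied to each interface; the interface names, the server address and the internal network are assumed.

```pf
# Added example (not from the thread): rdr-style pf.conf for the setup
# described in the question. Interface names, the server address and the
# internal network below are assumed.
ext_if = "fxp0"            # assumed external interface
int_if = "fxp1"            # assumed internal interface
int_net = "192.168.1.0/24" # assumed internal network
udp_srv = "192.168.1.20"   # assumed internal UDP server
udp_ports = "{ 6666:7000, 29200 }"

set skip on lo0

# Translation happens before filtering, so the filter rules below must
# match the *translated* (internal) destination, not $ext_if.
nat on $ext_if from $int_net to any -> ($ext_if)
rdr on $ext_if proto udp from any to ($ext_if) port $udp_ports -> $udp_srv

# Default deny: anything not explicitly passed is dropped and logged.
block in log all

# Door 1: packets from the Internet come "in" $ext_if. The state entry
# created here is floating by default, so it also lets the same packet
# "out" $int_if and lets the server's replies back through both doors.
pass in on $ext_if proto udp from any to $udp_srv port $udp_ports keep state

# Door 2: the same packets go "out" $int_if toward the server. With the
# floating state above this rule is redundant, but it makes the path explicit.
pass out on $int_if proto udp from any to $udp_srv port $udp_ports keep state

# Let the internal network out; the state covers the return traffic.
pass in on $int_if from $int_net to any keep state
pass out on $ext_if from any to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the rules take effect.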