Port Forwarding to different address

David N davidn04 at gmail.com
Wed Aug 22 21:10:43 PDT 2007


On 19/08/07, Greg Hennessy <Greg.Hennessy at nviz.net> wrote:
> [snip]
>
> > scrub in all
> >
> > nat on $ext_if from $int_net to any -> ($ext_if)
> >
> > rdr on $ext_if proto tcp from any to any port 22011 -> 192.168.1.10
> > port 22
> >
>
> Add
>
>         block log all
> here
>
> > pass in all
> > pass out all
>
> Replace these with explicitly coded ingress and egress rules using 'keep
> state flags S/SA'.
>
> In addition use tcpdump on the ingress and egress interfaces to determine if
> the redirect is working and to determine if the flow is transiting both
> interfaces.
>
>
> Greg
>
>
>
> >
> > ---- Snip
> >
> > I've tried it with the same port, eg.
> > rdr on $ext_if proto tcp from any to any port 22 -> 192.168.1.10 port
> > 22
> > that works.
> >
> > But with the original rule I do
> > ssh -p 22011 example.net
> > ssh: connect to host example.net port 22011: Connection refused
> >
> > I've tried
> > rdr on $ext_if proto tcp from any to $ext_if port 22011 ->
> > 192.168.1.10 port 22
> > with no luck as well
> >
> > I have
> > net.inet.ip.forwarding: 1
> >
> > I'm not quite sure what else to do.
> >
> > Regards
> > David N
>
>
>

Thanks, did a block log all
and from the remote side it still wouldn't let me connect, but didn't
get a log either =)
The remote host I was trying to connect from was blocking all
outgoing connections.
Changed hosts and all is working

Regards
David N

