Forwarding another host

Max Laier max at love2party.net
Thu Jan 10 19:07:50 PST 2008


On Friday 11 January 2008, Rodrique Heron wrote:
> On 1/10/08, Michal Varga <varga.michal at gmail.com> wrote:
> > On Thu, 2008-01-10 at 12:10 -0500, Rodrique Heron wrote:
> > > Thanks
> > >
> > > FreeBSD syntax for  log all  is "log-all", I have no block rules. I
> > > am passing everything with.
> > >
> > > pass in quick all
> > > pass out quick all
> >
> > ah, I think this may be another problem. Syntax for log (all) really
> > *was* log-all, in PF 3.7, that is approximately the version used in
> > FreeBSD 6.x. I somehow forgot about this from your first mail. As
> > FreeBSD 7 incorporates PF 3.9, things behave a little differently
> > here and there. anyway, can you show me the exact PF config you are
> > using now, one that you think should work and doesn't?
>
> Sorry for the duplicate, I forgot to CC the list.
>
> Both hosts are in the same broadcast domain, connected to the same
> switch.

Sounds like you are looking for some kind of reflection rather than just 
redirection.  If resources on the pf box are plenty and you don't mind 
running network daemons on it, something like net/rinetd might do the 
trick.

>  INTERNET
>
>
>  PIX Firewall
>
>
>  SWITCH*---*HOSTA 192.168.2.14
>    *
>
>
>    *
>   HOSTB 192.168.2.27
>
>
> ###  /etc/pf.conf
> ext_if = "em0"
> int_if = "lo0"
>
> host_ip = " 192.168.2.14"
> jail_ip = "192.168.2.18"
> external_host = "192.168.2.27"
>
> rdr on $ext_if proto tcp from any to $host_ip port 22 -> $external_host port 22
> rdr on $ext_if proto tcp from any to $host_ip port 26 -> $jail_ip port 22
>
> pass in quick all
> pass out quick all



-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
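
One common way to get reflection in pf itself, as an alternative to a userland relay such as net/rinetd, is to pair the rdr with a nat rule. This is an added example, not part of the original message or of anyone's posted config; the nat rule, the narrowed pass rules and the forwarding sysctl are assumptions, and it also assumes HOSTB's route back to the client does not go through the pf box.

```conf
# Added example, not from the thread. Macros and addresses are taken from the
# quoted /etc/pf.conf; the nat rule and pass rules below are assumptions.
# The pf box must forward packets: sysctl net.inet.ip.forwarding=1

ext_if        = "em0"
host_ip       = "192.168.2.14"
external_host = "192.168.2.27"

# Translation rules (old-style nat/rdr syntax, as used on the page).
#
# With rdr alone, HOSTB sees the original client address and answers over
# its own route. That reply never passes back through the pf box, so its
# source stays 192.168.2.27 and it does not match the connection the client
# opened to 192.168.2.14.
#
# Rewriting the source to the pf box's address forces HOSTB to reply to the
# pf box, which can then reverse both translations.
nat on $ext_if proto tcp from any to $external_host port 22 -> $host_ip

# Same redirect as in the quoted config.
rdr on $ext_if proto tcp from any to $host_ip port 22 -> $external_host port 22

# Filter rules see the addresses after translation:
#   inbound  on em0: destination already rewritten by rdr
#   outbound on em0: source already rewritten by nat
# "keep state" is written out because it is not implied in older pf versions.
pass in  quick on $ext_if proto tcp from any to $external_host port 22 keep state
pass out quick on $ext_if proto tcp from $host_ip to $external_host port 22 keep state
```

With either this rule pair or a relay like rinetd, every forwarded session reaches HOSTB with source 192.168.2.14, so sshd logs and address-based controls on HOSTB no longer see the real client; record the original source on the pf box (for example with `log` on the inbound pass rule) if it is needed later.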