can't add a port forwarding
bsemene at cyanide-studio.com
Tue Nov 4 07:56:39 PST 2008
I'm currently facing a weird problem. I have a pf box acting as a
gateway for some services and want to add a port forwarding for https.
So I added the following rule:
rdr pass on $ext_if proto tcp from any to any port 443 -> $atlas_ip
(The variables are correct, since I have a similar rule for port 80.)
"pfctl -s nat" shows this:
nat on bge0 inet from 10.1.8.1 to any -> "external_interface_ip"
rdr pass on bge0 inet proto tcp from any to any port = http -> 10.1.8.1
rdr pass on bge0 inet proto tcp from any to any port = https -> 10.1.8.1
An Nmap run from outside shows this:
# nmap -P0 -p80,443,17900 "external_interface_ip"
Starting Nmap 4.20 ( http://insecure.org ) at 2008-11-04 16:22 CET
Interesting ports on "external_interface_ip":
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
17900/tcp filtered unknown
I tried reloading pf rules with "pfctl -F all -f /etc/pf.conf",
restarting the machine, but nothing changed. The securelevel is also at
-1, so pf should take the changes into account.
And of course the destination https server receives nothing on the https port.
http and the preconfigured nat/forwards work perfectly.
I tried commenting out the "scrub in all" option, but since the rdr line
doesn't seem to be affected, I'm not sure this one is.
If someone has an idea or a direction to follow, I'll take every piece of thought.
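As an added example (not part of the original post, and not a pf or FreeBSD tool), here is a small Python script that cross-checks "pfctl -s nat" rdr rules against an external nmap scan, so that a forwarded port that does not show as open from outside is flagged instead of being spotted by eye. The sample pfctl and nmap text below is constructed from the output quoted in the post; 203.0.113.10 is a documentation address standing in for the real external interface IP.

```python
import re
import socket

# Constructed sample inputs modelled on the output quoted in the post.
PFCTL_NAT = """\
nat on bge0 inet from 10.1.8.1 to any -> 203.0.113.10
rdr pass on bge0 inet proto tcp from any to any port = http -> 10.1.8.1
rdr pass on bge0 inet proto tcp from any to any port = https -> 10.1.8.1
"""

NMAP_OUT = """\
Starting Nmap 4.20 ( http://insecure.org ) at 2008-11-04 16:22 CET
Interesting ports on 203.0.113.10:
PORT      STATE    SERVICE
80/tcp    open     http
443/tcp   closed   https
17900/tcp filtered unknown
"""

# Small service table so the script does not depend on /etc/services being present.
SERVICE_PORTS = {"http": 80, "https": 443, "ssh": 22, "smtp": 25, "domain": 53}

# Matches the rdr lines as pfctl prints them (optional "pass", optional target port).
RDR_RE = re.compile(
    r"^rdr(?:\s+pass)?\s+on\s+(?P<iface>\S+)"
    r".*?\bproto\s+(?P<proto>tcp|udp)"
    r".*?\bport\s*=\s*(?P<port>\S+)"
    r"\s*->\s*(?P<target>\S+)(?:\s+port\s+(?P<tport>\S+))?"
)
# Matches the per-port lines of nmap's normal output, e.g. "443/tcp closed https".
NMAP_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)")


def port_number(name):
    """Turn '443' or 'https' into an integer port number."""
    if name.isdigit():
        return int(name)
    if name in SERVICE_PORTS:
        return SERVICE_PORTS[name]
    return socket.getservbyname(name)  # fall back to the system services database


def parse_rdr(text):
    """Extract external port, proto, target host and target port from 'pfctl -s nat' output."""
    rules = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if not m:
            continue  # plain nat/binat lines are not forwardings
        ext_port = port_number(m.group("port"))
        tgt_port = port_number(m.group("tport")) if m.group("tport") else ext_port
        rules.append({"iface": m.group("iface"), "proto": m.group("proto"),
                      "port": ext_port, "target": m.group("target"),
                      "target_port": tgt_port})
    return rules


def parse_nmap(text):
    """Map (port, proto) -> nmap state from nmap's normal output."""
    states = {}
    for line in text.splitlines():
        m = NMAP_RE.match(line.strip())
        if m:
            states[(int(m.group("port")), m.group("proto"))] = m.group("state")
    return states


def check_forwardings(rules, states):
    """Return every rdr rule whose external port was not reported 'open' by the scan."""
    problems = []
    for r in rules:
        state = states.get((r["port"], r["proto"]), "not scanned")
        if state != "open":
            problems.append((r["port"], r["proto"], r["target"], r["target_port"], state))
    return problems


if __name__ == "__main__":
    rdr_rules = parse_rdr(PFCTL_NAT)
    scan = parse_nmap(NMAP_OUT)
    for port, proto, target, tport, state in check_forwardings(rdr_rules, scan):
        print(f"{port}/{proto} -> {target}:{tport} is {state} from outside")
```

On the sample data the script reports only 443/tcp -> 10.1.8.1:443 as closed. Note the difference between nmap's states when reading such a report: "filtered" means no answer at all (packets dropped), while "closed" means a RST came back, so some host did answer on that port; which host that was is what the pf state table (pfctl -s state) and a packet capture on both interfaces can confirm.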