rdr + reply-to, some solution ?

Luiz Gustavo S. Costa luizgustavo at luizgustavo.pro.br
Wed Jun 30 16:50:26 UTC 2010


Hi,

Yep!

# Nat section
rdr on $if_ext2 proto tcp from any to $ip_ext2 port http tag http_link2 -> $dmz_http

# Rule section
pass in quick on $if_ext2 reply-to ($if_ext2 $gw_ext2) tagged http_link2

The reply-to is applied on the tag match.

Thanks to Gabriel!

2010/6/30 Vitaliy Vladimirovich <artemrts at ukr.net>:
>
>        Hi Luiz!
>
>    Can you post here your working final ruleset with rdr + reply-to? Only
> rdr + reply-to section.
>
>   Thank you!
>
>
> PERFECT !!!!!
>
> This is it ! (tribute to MJ)
>
> worked perfectly, had not really thought about using tag, perfect.
>
> thank you (valeu !)
>
> goodbye rinetd/redir !
>
> 2010/6/28 Gabriel Fonseca <gabriel at ethx.com.br>:
>> 2010/6/28 Luiz Gustavo S. Costa <luizgustavo at luizgustavo.pro.br>
>>>
>>> hi Chris ! how are you?
>>>
>>> as it says here in Brazil: "I eat ball" :).
>>>
>>> pass in on $if_int reply-to ($if_ext2 $gw_ext2) proto tcp from any to 192.168.1.100 port 80
>>>
>>> but still, the combination does not work
>>>
>>> thanks
>>>
>>>
>>> 2010/6/28 Chris Buechler <cbuechler at gmail.com>:
>>> > On Mon, Jun 28, 2010 at 5:12 PM, Luiz Gustavo S. Costa
>>> > <luizgustavo at luizgustavo.pro.br> wrote:
>>> >> Hi all.
>>> >>
>>> >> I know there is a problem in using rdr with the reply-to, I usually
>>> >> use some software to "rdr", as the rinetd, but it's not a pretty
>>> >> solution.
>>> >>
>>> >> Is there any alternative?
>>> >>
>>> >> Below is an example of what I'm talking about.
>>> >>
>>> >> # Nat section
>>> >> rdr on $if_ext2 proto tcp from any to 200.x.x.x port 80 -> 192.168.1.100
>>> >> # Rules section
>>> >> pass in on $if_ext2 reply-to ($if_ext2 $gw_ext2) proto tcp from any to 200.x.x.x port 80
>>> >>
>>> >
>>> > That rule won't match traffic from that rdr. The dest has to be the
>>> > 192.168.1.100 IP.
>>> >
>>>
>>>
>>>
>>> --
>>> Luiz Gustavo Costa (Powered by BSD)
>>> *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
>>> mundoUnix - Consultoria em Software Livre
>>> http://www.mundounix.com.br
>>> ICQ: 2890831 / MSN: contato at mundounix.com.br
>>> Tel: 55 (21) 2642-3799 / 7582-0594
>>> Blog: http://www.luizgustavo.pro.br
>>> _______________________________________________
>>> freebsd-pf at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>>
>>
>> Hi, Luiz "gugaBSD" Gustavo.
>> I don't know exactly what you need, but I'll try to help.
>>
>> Try this:
>> rdr on $if_ext2 proto tcp from any to 200.x.x.x port 80 tag LINK2 -> 192.168.1.100
>> pass in quick on $if_ext2 reply-to ( $if_ext2 $gw_ext2  ) tagged LINK2
>>
>> I hope that helps.
>>
>> Gabriel "ethX" Fonseca
>>



-- 
Luiz Gustavo Costa (Powered by BSD)
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
mundoUnix - Consultoria em Software Livre
http://www.mundounix.com.br
ICQ: 2890831 / MSN: contato at mundounix.com.br
Tel: 55 (21) 2642-3799 / 7582-0594
Blog: http://www.luizgustavo.pro.br
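
Why the tagged rule in this thread works, as an added example (a simplified Python model, not pf itself and not code from any poster): pf applies rdr before the filter rules, so a pass rule sees the rewritten destination plus any tag the rdr rule set. 203.0.113.10 is a constructed stand-in for the elided 200.x.x.x, and all class and function names are hypothetical.

```python
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC_IP = "203.0.113.10"   # constructed stand-in for the thread's elided 200.x.x.x
DMZ_HTTP = "192.168.1.100"   # internal web server, from the thread

@dataclass(frozen=True)
class Packet:
    iface: str               # interface the packet arrives on
    dst: str
    dport: int
    tag: Optional[str] = None

@dataclass(frozen=True)
class PassIn:                # toy "pass in on <iface> reply-to (...)" rule
    iface: str
    reply_to: tuple          # (interface, gateway) that replies are forced out of
    dst: Optional[str] = None
    dport: Optional[int] = None
    tagged: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        # A criterion left as None is "any"; all set criteria must match.
        return (p.iface == self.iface and self.dst in (None, p.dst)
                and self.dport in (None, p.dport) and self.tagged in (None, p.tag))

def rdr(p: Packet) -> Packet:
    """Model of: rdr on if_ext2 ... to PUBLIC_IP port 80 tag LINK2 -> DMZ_HTTP"""
    if (p.iface, p.dst, p.dport) == ("if_ext2", PUBLIC_IP, 80):
        return replace(p, dst=DMZ_HTTP, tag="LINK2")
    return p

def reply_route(rule: PassIn, p: Packet):
    """Translate first, then filter. None: no match, replies use the default route."""
    return rule.reply_to if rule.matches(rdr(p)) else None

LINK2 = ("if_ext2", "gw_ext2")
RULES = {
    "original: to public IP": PassIn("if_ext2", LINK2, dst=PUBLIC_IP, dport=80),
    "second try: on if_int":  PassIn("if_int", LINK2, dst=DMZ_HTTP, dport=80),
    "translated destination": PassIn("if_ext2", LINK2, dst=DMZ_HTTP, dport=80),
    "tagged LINK2":           PassIn("if_ext2", LINK2, tagged="LINK2"),
}

def evaluate():
    syn = Packet(iface="if_ext2", dst=PUBLIC_IP, dport=80)  # constructed inbound SYN
    return {name: reply_route(rule, syn) for name, rule in RULES.items()}

if __name__ == "__main__":
    for name, route in evaluate().items():
        print(f"{name:24} -> {route or 'default route (no reply-to)'}")
```

The tagged form avoids repeating the translated address in the filter rule, so the rdr target can change without the pass rule silently ceasing to match.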

