Port Forwarding to different address
Greg Hennessy
Greg.Hennessy at nviz.net
Sun Aug 19 02:21:20 PDT 2007
[snip]
> scrub in all
>
> nat on $ext_if from $int_net to any -> ($ext_if)
>
> rdr on $ext_if pro to tcp from any to any port 22011 -> 192.168.1.10
> port 22
>
Add

    block log all

here
> pass in all
> pass out all
Replace these with explicitly coded ingress and egress rules using 'keep
state flags S/SA'.
In addition use tcpdump on the ingress and egress interfaces to determine if
the redirect is working and to determine if the flow is transiting both
interfaces.
Greg
>
> ---- Snip
>
> I've tried it with the same port, eg.
> rdr on $ext_if proto tcp from any to any port 22 -> 192.168.1.10 port
> 22
> that works.
>
> But with the original rule i do
> ssh -p 22011 example.net
> ssh: connect to host example.net port 22011: Connection refused
>
> I've tried
> rdr on $ext_if pro to tcp from any to $ext_if port 22011 ->
> 192.168.1.10 port 22
> with no luck as well
>
> I have
> net.inet.ip.forwarding: 1
>
> I'm not quite sure what else to do.
>
> Regards
> David N
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
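
Added example, not part of the original message or of either poster's configuration: a pf.conf ruleset that applies the advice in the reply (a default `block log all`, then explicit ingress and egress rules with `keep state flags S/SA`), with the tcpdump checks listed as comments. The interface names em0/em1, the `$int_if` and `$ssh_host` macros and the 192.168.1.0/24 network are assumptions; the rule syntax follows the thread's own rules.

```conf
# Constructed example. Interface names and the network are assumptions.
ext_if   = "em0"              # assumed external interface
int_if   = "em1"              # assumed internal interface
int_net  = "192.168.1.0/24"   # assumed internal network
ssh_host = "192.168.1.10"     # redirect target from the thread

scrub in all

nat on $ext_if from $int_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 22011 -> $ssh_host port 22

# Default deny. Dropped packets are logged to pflog0, so a missing
# pass rule shows up there instead of failing silently.
block log all

pass quick on lo0 all

# Redirected SSH. rdr is applied before filtering, so the inbound rule
# must match the translated destination (192.168.1.10 port 22), not 22011.
# With a default block, the flow also needs a rule to leave via $int_if.
pass in  on $ext_if proto tcp from any to $ssh_host port 22 flags S/SA keep state
pass out on $int_if proto tcp from any to $ssh_host port 22 flags S/SA keep state

# Traffic from the internal network out to the Internet.
pass in  on $int_if proto tcp from $int_net to any flags S/SA keep state
pass in  on $int_if proto { udp, icmp } from $int_net to any keep state
pass out on $ext_if proto tcp from any to any flags S/SA keep state
pass out on $ext_if proto { udp, icmp } from any to any keep state

# Checks, run as root on the firewall:
#   pfctl -nf /etc/pf.conf           parse the ruleset without loading it
#   pfctl -f  /etc/pf.conf           load it
#   pfctl -s nat                     confirm the rdr rule is loaded
#   tcpdump -n -e -ttt -i pflog0     packets dropped by "block log all"
#   tcpdump -n -i em0 tcp port 22011
#   tcpdump -n -i em1 host 192.168.1.10 and tcp port 22
# A SYN on em0 with no matching SYN on em1 means the redirect or a filter
# rule is dropping the flow. A SYN on em1 with no reply points at the
# target host, for example its default route not pointing back at this
# firewall.
```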