Forwarding another host

mitrohin a.s. swp at swp.pp.ru
Tue Jan 29 00:27:35 PST 2008


On Thu, Jan 10, 2008 at 09:37:49PM -0500, Rodrique Heron wrote:
> On 1/10/08, Michal Varga <varga.michal at gmail.com> wrote:
> >
> >
> > On Thu, 2008-01-10 at 12:10 -0500, Rodrique Heron wrote:
> >
> >
> > > Thanks
> > >
> > > FreeBSD syntax for log all is "log-all". I have no block rules. I am
> > > passing everything with:
> > >
> > > pass in quick all
> > > pass out quick all
> > >
> > ah, I think this may be another problem. Syntax for log (all) really
> > *was* log-all, in PF 3.7, that is approximately the version used in
> > FreeBSD 6.x. I somehow forgot about this from your first mail. As
> > FreeBSD 7 incorporates PF 3.9, things behave a little differently here
> > and there. Anyway, can you show me the exact PF config you are using
> > now, one that you think should work and doesn't?
> > >
> > >
> > >
> 
> 
> Sorry for the duplicate, I forgot to CC the list.
> 
> Both hosts are in the same broadcast domain, connected to the same switch.
> 
>  INTERNET
>     |
>     |
>  PIX Firewall
>     |
>     |
>  SWITCH*---*HOSTA 192.168.2.14
>    *
>    |
>    |
>    *
>   HOSTB 192.168.2.27
> 
> 
> ###  /etc/pf.conf
> ext_if = "em0"
> int_if = "lo0"
> 
> host_ip = " 192.168.2.14"
> jail_ip = "192.168.2.18"
> external_host = "192.168.2.27"
> 
> rdr on $ext_if proto tcp from any to $host_ip port 22 -> $external_host port 22
> rdr on $ext_if proto tcp from any to $host_ip port 26 -> $jail_ip port 22
> 
> pass in quick all
> pass out quick all

try this:

rdr pass proto tcp from any to $host_ip port ssh tag A -> $external_host
nat pass all tagged A -> $host_ip

/swp
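
The two rules from the reply above, placed in a complete pf.conf for HOSTA. This is an added example, not part of the original thread. It reuses the macros from the quoted config; the tag name SSH_RELAY and the explicit `on $ext_if` and `port 22` qualifiers are assumptions.

```conf
# /etc/pf.conf on HOSTA (constructed example, not from the thread)
#
# Requires IP forwarding on HOSTA: sysctl net.inet.ip.forwarding=1
# (gateway_enable="YES" in /etc/rc.conf). After the rdr rewrite the packet
# is no longer addressed to HOSTA and has to be routed back out of em0.

ext_if        = "em0"
host_ip       = "192.168.2.14"    # HOSTA, the relay
external_host = "192.168.2.27"    # HOSTB, the real SSH server

# --- translation rules (must come before any filter rules) ---

# 1. Inbound on em0: rewrite dst 192.168.2.14:22 -> 192.168.2.27:22 and tag
#    the packet. SSH_RELAY is an assumed tag name (the reply used "A").
rdr pass on $ext_if proto tcp from any to $host_ip port 22 tag SSH_RELAY -> $external_host port 22

# 2. Outbound on em0: rewrite the source to 192.168.2.14, for tagged packets
#    only. With rdr alone HOSTB sees the client's real address and answers
#    it directly (same subnet) or through its own default gateway. That
#    reply never passes back through HOSTA's state entry, so it arrives
#    from 192.168.2.27 instead of 192.168.2.14 and does not match the
#    connection the client opened.
nat pass on $ext_if proto tcp from any to $external_host port 22 tagged SSH_RELAY -> $host_ip

# "pass" on a translation rule lets the connection through without
# evaluating the filter ruleset, so the relay works under any filter policy
# and is also not restricted by it.
#
# Side effect of the nat rule: HOSTB's sshd logs every relayed login as
# coming from 192.168.2.14, so per-client address checks on HOSTB no longer
# see the real source.

# Checks after editing:
#   pfctl -nf /etc/pf.conf    # parse only, do not load
#   pfctl -f  /etc/pf.conf    # load
#   pfctl -sn                 # show loaded nat/rdr rules
#   pfctl -ss                 # show state entries while a client connects
```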

