pf: rdr with two interfaces

Littlefield, Tyler tyler at tysdomain.com
Sat Aug 6 18:38:58 UTC 2016



All,
I'm attempting to set up two interfaces on different networks. I can
connect to ports 22 and 53, but I cannot connect to any of the samba
ports. Prior to the introduction of two interfaces this worked fine.
Is there a problem with this setup? If so, any tips/etc would be
great. Also any thoughts on cleaning up these rules to look better/be
more efficient would also be helpful.
Thanks,
if="bridge0"
eif="igb1"
addr="192.168.88.200"
eaddr="10.21.96.200"
samba_addr="192.168.0.2"
#port groupings
tcp_services="{4000 53 netbios-ns netbios-dgm netbios-ssn microsoft-ds 22}"
etcp_services="{netbios-ns netbios-dgm netbios-ssn microsoft-ds 22}"
udp_services="{53 netbios-ns netbios-dgm netbios-ssn microsoft-ds}"
eudp_services="{netbios-ns netbios-dgm netbios-ssn microsoft-ds}"
samba_services="{netbios-dgm netbios-ns netbios-ssn microsoft-ds}"
set skip on lo
set loginterface $if
scrub in all
#allow jails through
#samba
nat on $if inet from $samba_addr to any tag jail_samba -> $addr
#portforward to jails.
#samba
rdr pass proto tcp from any to any port $samba_services -> $samba_addr
rdr pass proto udp from any to any port $samba_services -> $samba_addr
#rdr pass on $eif proto tcp from any to any port $samba_services -> $samba_addr
#rdr pass on $eif proto udp from any to any port $samba_services -> $samba_addr
#rules
pass quick on lo1
pass from $if to any keep state
pass from $eif to any keep state
#default policy: deny
block in log all
antispoof quick for { $if $eif lo }
#accept TCP ports.
pass in on $if proto tcp from any to any port $tcp_services
pass in on $eif proto tcp from any to any port $etcp_services
pass in on $if proto udp from any to any port $udp_services
pass in on $eif proto udp from any to any port $eudp_services


-- 
Take care,
Ty
Twitter: @sorressean
Web: https://tysdomain.com
Pubkey: https://tysdomain.com/files/pubkey.asc


More information about the freebsd-questions mailing list