Two pf questions

David Mehler dave.mehler at gmail.com
Wed Mar 29 22:33:36 UTC 2017


Hello,

Thank you. With a pass rule I was able to get it working.

Thank you very much.
Dave.


Here's my config:
# external redirect
rdr on $ext_if inet proto tcp from any to any port 2220 -> $jssh1 port 2220
# internal nat reflection
rdr on $int_if inet proto tcp from any to any port 2220 -> $jssh1 port 2220
# pass rules
# external pass rule (rate-limited; offenders are added to <bruteforce>,
# which has to be declared earlier, e.g. "table <bruteforce> persist",
# and needs a block rule referencing it to have any effect)
pass in inet proto tcp from any to $jssh1 port 2220 flags S/SA keep state \
    (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
# internal pass rule
pass inet proto tcp from any to $jssh1 port 2220 flags S/SA keep state

Thanks again.
Dave.


On 3/29/17, Kristof Provost <kristof at sigsegv.be> wrote:
> On 27 Mar 2017, at 16:37, David Mehler wrote:
>> My second question is one of nat reflection is the term. I've got a
>> jail running a service on port 8000. I've got external redirect rules
>> and pass rules passing in the traffic. The problem is I've got need to
>> get access to that machine port 8000 on the host machine.
>>
>> I try something like ssh user@xxx.xxx.xxx.xxx -p 8000
>>
>
> Presumably you’ve got a rule like this:
> rdr on $ext_if proto tcp from any to any port 8000 -> $jail port 80
>
> Add something like
> rdr on $int_if proto tcp from $localnet to ($ext_if) port 8000 -> $jail
> port 80
>
> Regards,
> Kristof
>
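A complete pf.conf putting the two pieces of this thread together (NAT reflection for a jailed sshd plus the brute-force overload table), added here as an illustration and not taken from either poster's config. Interface names, addresses, the localnet range and the table name are placeholders; the rdr "to" address is narrowed to ($ext_if) as Kristof suggested, so port 2220 traffic to unrelated hosts is left alone.

```pf
# Constructed example pf.conf (FreeBSD rdr/pass syntax); all values are placeholders.
ext_if   = "em0"
int_if   = "em1"
localnet = "192.168.1.0/24"
jssh1    = "10.0.0.10"      # jail address reachable from the host
ssh_port = "2220"

# Table populated by the overload clause below; persist keeps it across reloads.
table <bruteforce> persist

# Translation rules (evaluated before filter rules).
# External clients: host:2220 -> jail:2220.
rdr on $ext_if inet proto tcp from any to ($ext_if) port $ssh_port -> $jssh1 port $ssh_port
# NAT reflection: internal clients that use the host's public address get the
# same redirect. Matching only "to ($ext_if)" avoids rewriting port 2220
# traffic destined for other machines.
rdr on $int_if inet proto tcp from $localnet to ($ext_if) port $ssh_port -> $jssh1 port $ssh_port

# Filter rules. Without a block rule the overload table collects addresses
# but changes nothing; "quick" stops evaluation at the first match.
block in quick from <bruteforce>

# Outside traffic after translation (destination is now the jail): rate-limit
# new connections and push abusers into <bruteforce>, flushing their states.
pass in on $ext_if inet proto tcp from any to $jssh1 port $ssh_port \
    flags S/SA keep state \
    (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)

# Internal clients via reflection; trusted network, so no rate limiting.
pass in on $int_if inet proto tcp from $localnet to $jssh1 port $ssh_port flags S/SA keep state
```

Syntax-check with `pfctl -nf /etc/pf.conf` before loading, and inspect or age out blocked addresses with `pfctl -t bruteforce -T show` and `pfctl -t bruteforce -T expire <seconds>`.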

