
pf problems



I am using OpenBSD 3.3 as a company firewall.  I have looked for an answer
but have not found it.  I am sure it is simple and I am overlooking it.

Our webservers are behind the firewall, and several different rdr and nat
rules work fine, from the outside.  From inside the 192.168.x.x network, I
cannot resolve the FQDN, I have to use the 192.168.x.x address to get to the
server.

Some new applications have been built that need to use the domain name, and
from the outside they work, but from behind the firewall, they don't
resolve.  I understand that the requests from inside are most likely being
denied by the firewall since it does not know what to do with them, but I do
not know the solution.  I have tried binat rules in the pf.conf in
accordance with the pf faq, as it sounds like the answer:

web_serv_int = "192.168.1.30"
web_serv_ext = "public ip"

binat on em0 from $web_serv_int to any -> $web_serv_ext

but I continue to get the same error, i.e. the connection at work is refused
by the webserver.  My thinking is because the internal nic has no idea what
to do with these requests, since nat is done from the ext interface.

I am willing to learn from my mistakes if someone can just point me in the
right direction.

brian