
rdr not working correctly



  Ok, so here is my problem: I have a webserver inside
my gateway, and I need to redirect all traffic from
outside to that inside machine. So I looked into the
ipnat/ipf man pages and they said use rdr, so I said
ok and added the line to my ipnat.rules file, and still
it does not redirect traffic.
  So a basic rundown is that I have an OpenBSD 2.7
(i386) gateway with ipf/ipnat enabled (and doing
firewalling just fine) and an OpenBSD 2.7 (sparc) box
that is a web server (also serving the internet
network fine). What I need to do is get the i386
gateway to do rdr. Here are my ipnat.rules:

--
rdr xl0 <my external ip>/32 port 80 -> 192.168.1.20 port 80
map xl0 192.168.1.0/24 -> <my external ip>/32 portmap tcp/udp 10000:60000
map xl0 192.168.1.0/24 -> <my external ip>/32
--

I have moved the rdr command around: to the top (as
shown above), in the middle, and at the bottom. None
work. Here are my ipf.rules (xl0 is external, xl1 is
internal).

--
pass out quick on lo0
pass in quick on lo0

block in log quick on xl0 from 0.0.0.0/32 to any
block in log quick on xl0 from 255.255.255.255/32 to any
block in log quick on xl0 from 127.0.0.0/8 to any

block in log quick on xl0 from any to 0.0.0.0/32
block in log quick on xl0 from any to 255.255.255.255/32
block in log quick on xl0 from any to 127.0.0.0/8

block in log quick on xl1 from 172.16.0.0/12 to any
block in log quick on xl1 from 10.0.0.0/8 to any

block in log quick on xl1 from any to 172.16.0.0/12
block in log quick on xlpass in quick on xl0 proto
icmp all icmp-type 0
pass in quick on xl0 proto icmp all icmp-type 3
pass in quick on xl0 proto icmp all icmp-type 11

pass in quick on xl0 proto tcp from any to any port = 22 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 25 flags S/SA keep state
pass in quick on xl0 proto tcp fron any to any port = 80 flags S/SA keep state

pass out on xl0 proto tcp all keep state

block return-rst in on xl0 proto tcp from any to any port = 113

pass in on xl0 proto udp from 1.2.3.1 port = 53 to any
pass in on xl0 proto udp from 1.2.3.2 port = 53 to any

block in quick on xl0 proto tcp all flags S/SA
block out quick on xl0 protp tcp all flags SA/SA1 from any to 10.0.0.0/8
--

Anyone know what is going on? If there is a Man page
that I missed that explains what I am doing wrong
please tell me to read it!

Thanks,
Wokness
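
Added example (not part of the original post): a small Python check that rejoins mail-wrapped ipf rule lines and lists every token that is neither in a keyword list nor an interface, address, port or flag value. The keyword list is an assumed subset of ipf syntax covering only this ruleset, and the sample is a handful of rules taken from the post, wrapped the way a mail client wraps them.

```python
import re

ACTIONS = {"pass", "block"}
# Assumption: a minimal keyword subset for this ruleset, not the full ipf grammar.
KEYWORDS = ACTIONS | {
    "in", "out", "log", "quick", "on", "proto", "tcp", "udp", "icmp",
    "all", "from", "to", "any", "port", "flags", "keep", "state",
    "icmp-type", "return-rst", "=",
}
# Loose value shapes: interface (xl0), number, IPv4[/mask], TCP flag pair (S/SA).
VALUE = re.compile(
    r"[a-z]+\d+|\d+|\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?|[A-Z0-9]+/[A-Z0-9]+"
)

# Rules from the post, with mail line-wrapping.
POSTED = """\
pass in quick on xl0 proto tcp from any to any port =
25 flags S/SA keep state
pass in quick on xl0 proto tcp fron any to any port =
80 flags S/SA keep state
block in log quick on xl1 from any to 172.16.0.0/12
block in log quick on xlpass in quick on xl0 proto
icmp all icmp-type 0
block out quick on xl0 protp tcp all flags SA/SA1 from
any to 10.0.0.0/8
"""

def unwrap(text):
    """Join continuation lines: a rule starts only with an action keyword."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.split()[0] in ACTIONS or not rules:
            rules.append(line)
        else:
            rules[-1] += " " + line
    return rules

def lint(text):
    """Return (rule_number, [unrecognised tokens]) for each suspect rule."""
    findings = []
    for number, rule in enumerate(unwrap(text), 1):
        unknown = [t for t in rule.split()
                   if t not in KEYWORDS and not VALUE.fullmatch(t)]
        if unknown:
            findings.append((number, unknown))
    return findings

if __name__ == "__main__":
    for number, unknown in lint(POSTED):
        print(f"rule {number}: unrecognised token(s): {', '.join(unknown)}")
```
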

