[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Multiple exceptions (!) with rdr in /etc/nat.conf (OpenBSD 3.0)?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Multiple exceptions (!) with rdr in /etc/nat.conf (OpenBSD 3.0)?
From: Richard Lotz <rlotz_(_at_)_u_(_dot_)_washington_(_dot_)_edu>
Date: Mon, 25 Feb 2002 11:46:51 -0800 (PST)

I've been trying to provide multiple exceptions to the rdr command in
nat.conf.

The following works fine:

rdr on fxp1 proto tcp from ! 10.19.1.53 to any port 80 -> 10.19.1.1 port 5280

It operates as expected and redirects traffic from any IP not 10.19.1.53
on the network.  However, I have the need to allow multiple exceptions
such that it will NOT redirect the IPs I have listed.  Something like:

rdr on fxp1 proto tcp from ! 10.19.1.53 to any port 80 -> 10.19.1.1 port 5280
rdr on fxp1 proto tcp from ! 10.19.1.54 to any port 80 -> 10.19.1.1 port 5280

	or

rdr on fxp1 proto tcp from {! 10.19.1.54, ! 10.19.1.53 } to any port 80 -> \
 10.19.1.1 port 5280

However, neither syntax seems to work.  Is there something I'm over
looking or is this feature not available in 3.0's pf implementation?
When looking at the CVS updates to current it looks like some
modifications to pf nat syntax have been accepted, but I wasn't able to
discern specifics.  Is a solution available in current?

I couldn't find any reference/solution to this in the archives, but I
could have overlooked it.

thanks,

-richard

--
Richard Lotz
GPG Key:     http://students.washington.edu/rlotz/key.txt
Fingerprint: 6BD7 C584 7DDC 43FD F0D4  87AB 5A8F 89D5 B3CC 9517

Follow-Ups:
- Re: Multiple exceptions (!) with rdr in /etc/nat.conf (OpenBSD 3.0)?
  - From: Ben Goren

Prev by Date: Re: Create a canned "Firewall Build" or RFHH
Next by Date: Anyone Have TrendMicro prods running on obsd?
Previous by thread: RS/6000
Next by thread: Re: Multiple exceptions (!) with rdr in /etc/nat.conf (OpenBSD 3.0)?
Index(es):
- Date
- Thread

Visit your host, monkey.org