[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3.1 pf question

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: 3.1 pf question
From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
Date: Tue, 9 Jul 2002 02:28:57 +0200
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

On Mon, Jul 08, 2002 at 06:01:54PM -0400, coldiso_(_at_)_houx_(_dot_)_org wrote:
> My issue:
> 
>         I want to forward port say 3022 to another machine behind the 
> firewall to port 22.  This is my config pf and nat respectivley.
> 
> <pf_snip>
> pass in log on $ext_if inet proto tcp from any to any port = 3022 flags S/SA
> </pf_snip>
> 
> <nat_snip>
> rdr on $ext_if proto tcp from any to any port 3022 -> 192.168.1.191 port 22 
> </nat_snip>
> 
> Where the oddness happens is I can't conect to port 3022 unless I add this 
> statement to pf.conf
> 
> pass in log quick on $ext_if inet proto tcp from any to any port = 22 flags S/SA

yes. rdr happens BEFORE the filter rules see the traffic.

References:
- 3.1 pf question
  - From: coldiso

Prev by Date: Re: messages!
Next by Date: Re: UPnP NAT Traversal
Previous by thread: 3.1 pf question
Next by thread: cd0c problems
Index(es):
- Date
- Thread

Visit your host, monkey.org