
rdr problem



Hi all,

I have the following problem: I cannot get rdr to work.  I have read
RTFM and used the guide on Onlamp,
"http://www.onlamp.com/pub/a/bsd/2003/03/06/ssn_openbsd.html?page=1".

I am running a generic OpenBSD 3.3 server.  I have 2 interfaces, xl0 and
ne3, both are working 100%.

I have the following in my pf.conf file:

ext_if  = "ne3"
dmz_if = "xl0"
www_ext = "196.15.137.66/32"
www_int = "10.0.5.10/32"
nat_ext = "196.15.137.67/32"
dmz = "10.0.5.0/24"
nat_p = "{tcp, udp, icmp}"
scrub in on $ext_if all
scrub in on $dmz_if all
rdr on $ext_if proto tcp from any to $www_ext port 22 -> $www_int port 22
rdr on $dmz_if proto tcp from $dmz to $www_ext port 22 -> $www_int port 22
nat on $ext_if proto $nat_p from $dmz to any -> $nat_ext
#binat on $ext_if proto tcp from $www_int to any -> $www_ext
pass in log all
pass out log all

I also have net.inet.ip.forwarding = 1 and pf=YES in my rc.conf.
Each time I try connecting to the external IP "196.15.137.66" I get a
timeout.  I have tried tcpdump on pflog0 with logging enabled, but I
don't see any traffic.  It's as if the traffic does not allow anything
to pass through.  I am able to ping the external interfaces from the
server in the DMZ, but I cannot ssh to the external IP; it times out.
I have tried various combinations in the above pf.conf file, but I still
get no joy.

I am 100% certain that I am overlooking something simple, but for
the life of me I cannot figure out what it is.  Please help.

Thanks in advance.

Mark
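For readers comparing against their own setup, below is a complete OpenBSD 3.x-style pf.conf for the topology described in the post: one external interface, one DMZ interface, SSH on the public address 196.15.137.66 redirected to 10.0.5.10, and outbound NAT for the DMZ via 196.15.137.67. This is an added example, not Mark's ruleset and not code from the OpenBSD project; the interface names and addresses are taken from the post, and the filter rules are an assumed tighter replacement for "pass in/out log all". The piece worth noting is the pair of rules on the DMZ interface: when a host in the DMZ connects to the public address of a server on its own subnet, pf's rdr rewrites the destination, but the server's reply would go straight back to the client without passing the firewall, and the client drops it. The nat rule on $dmz_if (the "reflection" rule from the pf FAQ) rewrites the source as well, so the reply returns through pf and is un-translated. The public addresses must also actually be owned by the firewall (configured on ne3, or routed to it by the upstream router) for any of this to receive packets.

```pf
# Added example for the topology in the post above (not the original ruleset).
# Interface names and addresses are taken from the post; everything else is assumed.
ext_if  = "ne3"
dmz_if  = "xl0"
www_ext = "196.15.137.66"
www_int = "10.0.5.10"
nat_ext = "196.15.137.67"
dmz     = "10.0.5.0/24"
nat_p   = "{ tcp, udp, icmp }"

# Normalise traffic arriving on both interfaces.
scrub in on $ext_if all
scrub in on $dmz_if all

# Translation section.  For nat/rdr the first matching rule wins.

# Outbound NAT for the DMZ to the second public address.  196.15.137.67 must be
# an address or alias on $ext_if (or routed to this box) or replies never come back.
nat on $ext_if proto $nat_p from $dmz to any -> $nat_ext

# Inbound SSH from the Internet to the public address, redirected to the DMZ host.
# 196.15.137.66 likewise has to be configured on $ext_if for this box to see the SYN.
rdr on $ext_if proto tcp from any to $www_ext port 22 -> $www_int port 22

# Reflection for DMZ clients that use the public address.  The rdr alone rewrites
# the destination; the server would then answer the client directly on the shared
# subnet, bypassing pf, and the client would drop the unexpected reply.  The nat
# rule rewrites the source to $dmz_if's address so the reply comes back via pf.
rdr on $dmz_if proto tcp from $dmz to $www_ext port 22 -> $www_int port 22
nat on $dmz_if proto tcp from $dmz to $www_int port 22 -> $dmz_if

# Filter section.  Rules are evaluated last-match-wins and see packets AFTER
# translation, so inbound rules must allow the translated destination $www_int.
# In pf 3.x each interface a packet crosses needs its own pass rule/state.
block log all
pass in  on $ext_if proto tcp from any to $www_int port 22 flags S/SA keep state
pass in  on $dmz_if proto tcp from $dmz to $www_int port 22 flags S/SA keep state
pass in  on $dmz_if proto $nat_p from $dmz to any keep state
pass out on $ext_if proto $nat_p all keep state
pass out on $dmz_if proto tcp to $www_int port 22 keep state
```

To check a ruleset like this without loading it, run `pfctl -nf /etc/pf.conf` (parse only); after `pfctl -f /etc/pf.conf`, `pfctl -s nat` shows the translation rules as pf expanded them, `pfctl -s state` shows whether a SYN to the public address ever created a state, and `tcpdump -n -e -ttt -i pflog0` shows what the logging rules actually matched. If a redirected connection never appears in `pfctl -s state`, the packet is not reaching pf on that interface at all, which points at addressing or ARP rather than at the rdr rule.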