I'm maintaining some OpenBSD-based firewalls and have been really stumped
with a problem when trying to add a Sonicwall VPN appliance behind the
firewall, and thought I'd ask here for help.
The Sonicwall device uses SSL on port 443 for it's external VPN traffic
and listens on other ports for internal LAN traffic and it uses a single
network interface for this. On our installation, there is a webmail server
behind the firewall listening on port 443 and the existing PF rule for
this is (abbreviated for clarity):
ext_if="vr0"
int_if="vr1"
webmail="192.168.30.14"
rdr pass log on $ext_if proto tcp from any to $ext_if port 443 -> $webmail
port 443
This works fine so as external port 443 is already in use for webmail, I
decided to use external port 444 for the Sonicwall and added these two
extra rules:
sonicwall="192.168.30.28"
rdr pass log on $ext_if proto tcp from any to $ext_if port 444 -> $sonicwall
port 443
However, the Sonicwall cannot be accessed from the external port 444
although it can be accessed internall on port 443 of course. I have tested
this rule by changing it to point to the webmail server like this:
rdr pass log on $ext_if proto tcp from any to $ext_if port 444 -> $webmail
port 443
and this works fine as I can access webmail on port 444. But why can't I
access the Sonicwall on port 444? Does anyone know if the Sonicwall uses
additional ports or has anyone got this device to with with a PF-based
firewall?
Thanks in advance for any suggestions,
Andy
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
