On Nov 27, 2012, at 6:34 PM, Doug Sampson <do...@dawnsign.com> wrote:
> [...]
>
>> Rules from pf.conf
>>
>> --------------------------------------------
>> # macros
>> ext_if="xl0"
>> int_if="bge0"
>>
>> tcp_services="{ 22, 993, 5910:5917 }"
>> tcp_priv_services="{ 389, 443 }"
>> proxy_services = "{ 21, 80 }"
>> icmp_types="{ echoreq unreach squench timex }"
>> internal_net = "172.18.0.0/16"
>> proxy = "172.18.0.1"
>> proxyport="8021"
> ^
> No whitespace here
>
>>
>> # tables
>> table <goodguys> persist
>> table <sshguard> persist
>>
>> # options
>> set block-policy return # ports are closed but can be seen
>> set loginterface $ext_if
>>
>> set skip on lo0
>>
>> # scrub
>> scrub in
>>
>> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>>
>> # redirect www traffic to proxy
>> rdr on $int_if inet proto tcp from $internal_net to any port
>> $proxy_services -> $proxy port 8080
> ^
> Whitespace here. Maybe that's the issue here?
>

Erm, working as intended, Doug. He's redirecting from his internal net to any port defined as proxiable, to his $proxy machine on port 8080. Looks good to me.

>> # ext_if IP address could be dynamic, hence ($ext_if)
>> nat on $ext_if from !($ext_if) to any -> ($ext_if)
>
> [...]
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"