Now I understand why you guys need an rdr rule. I'm port forwarding my RDC connections through ssh. This eliminates the need for rdr. However, if you don't port forward, then I can see why the rdr rule is needed.
I assumed too much before in my previous post. Sorry for that. If you're allowing remote users coming in from the Internet, I'd strongly suggest port forwarding over rdr.

Cheers,

Mark T. Uemura
OpenBSD Support Japan Inc.
www.openbsd-support.com

> I have authpf working for RDP to my machine at the house. It needed
> these lines to work for me. Hopefully they will help you too.
>
> ----/etc/authpf/users/steve/authpf.rules--------
> #variables
> ext_if = "fxp0"
> xp_machine = "192.168.1.107"
>
> # redirection to ms rdp
> rdr on $ext_if inet proto tcp from $user_ip to ($ext_if) port 3389 -> $xp_machine
>
> # pf additions
> pass in on $ext_if inet proto tcp from $user_ip to $xp_machine port 3389 modulate state
> --------------end---------------------
>
> ---------/etc/pf.conf (edited)-------------
> rdr-anchor "authpf/*"
> anchor "authpf/*"
> --------end---------
>
> My pf.conf file only needed the two authpf statements. Other than
> these two things the only other thing I had to do was modify
> /etc/dhcpd.conf so that machines had a specific IP when they booted so
> that users could RDP to them from outside.
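
The ssh port-forwarding alternative recommended in the reply above, as an added example that is not part of the original thread: an sshd_config fragment for the gateway that limits the account to a single forward, to the RDP host. The user name and address are taken from the quoted rules; the gateway host name and the local port are placeholders.

```conf
# /etc/ssh/sshd_config on the gateway (added example, not from the thread).
# Assumes the account "steve" and the RDP host 192.168.1.107 from the quoted
# rules; adjust both for your site.
Match User steve
    # Allow only client-to-server (-L) forwards, no remote (-R) forwards.
    AllowTcpForwarding local
    # The only destination this account may forward to is the RDP host.
    PermitOpen 192.168.1.107:3389
    # Nothing else needs to ride over this session.
    X11Forwarding no
    AllowAgentForwarding no

# Client side, run on the remote machine ("gateway.example.org" is a
# placeholder and 13389 an arbitrary free local port):
#   ssh -N -L 13389:192.168.1.107:3389 steve@gateway.example.org
# Then point the RDP client at localhost:13389.
```

With this in place no rdr rule for port 3389 is needed on the external interface: only sshd is exposed, and the RDP traffic travels inside the authenticated ssh session.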