Hi

I have a problem with OpenBSD and pf.

I am trying to do this:

[(fxp0) - 100.0.100.10] -> [web server 1 (100.0.100.1)]
        |
[openbsd (xl0)]  <---> Internet
        |
[(sis0) - 100.0.200.10] -> [web server 2 (100.0.200.1)]
I hope it's clear enough...

So my problem is that I can't access any of my web servers from the Internet, but it
works locally.

What am I doing wrong? Did I forget something somewhere?

I'm new to OpenBSD and pf, so... sorry.
Thanks for your help


******************************
here is my pf.conf
******************************

int_if = "fxp0"
ext_if = "xl0"
int1_if = "sis0"

tcp_services = "{ 22, 113 }"
icmp_types = "echoreq"

priv_nets = "{ 127.0.0.0/8, 100.0.100.0/16, 100.0.200.0/16, 10.0.0.0/8 }"

web_srv = "100.0.200.1"
web1_srv = "100.0.100.1"



set block-policy return
set loginterface $ext_if

scrub in all

nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $int1_if:network to any -> ($ext_if)

rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $int1_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port 80 -> $web_srv port 80
rdr on $ext_if proto tcp from any to any port 81 -> $web1_srv port 81

block all

pass quick on lo0 all

block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if proto tcp from any to $web_srv port 80 flags S/SA synproxy state
pass in on $ext_if proto tcp from any to $web1_srv port 81 flags S/SA synproxy state
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass in on $int1_if from $int1_if:network to any keep state

pass out on $int_if from any to $int_if:network keep state
pass out on $int1_if from any to $int1_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
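
Added example, not part of the original post: a small Python check over the address macros of the pf.conf above. It reports priv_nets entries written with host bits set and entries that denote the same network, assuming the prefix length is applied as a mask to the written address. The function names are made up for this example.

```python
import ipaddress
import re

# Macro lines copied from the pf.conf in the post above.
PF_CONF = '''
priv_nets = "{ 127.0.0.0/8, 100.0.100.0/16, 100.0.200.0/16, 10.0.0.0/8 }"
web_srv = "100.0.200.1"
web1_srv = "100.0.100.1"
'''

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')

def parse_macros(text):
    """Return {name: [items]} for every `name = "..."` macro line."""
    macros = {}
    for line in text.splitlines():
        m = MACRO_RE.match(line.split("#", 1)[0])  # drop trailing comments
        if m:
            macros[m.group(1)] = re.split(r"[\s,]+", m.group(2).strip("{} "))
    return macros

def lint_cidrs(items):
    """Return (host_bits, collapsed) for the address/prefix items of a macro."""
    host_bits, by_net = [], {}
    for item in items:
        if "/" not in item:
            continue  # plain host, port or interface name
        net = ipaddress.ip_network(item, strict=False)  # mask the host bits
        if str(net) != item:
            host_bits.append((item, str(net)))
        by_net.setdefault(str(net), []).append(item)
    collapsed = {n: e for n, e in by_net.items() if len(e) > 1}
    return host_bits, collapsed

def covering(items, address):
    """Entries of a macro whose masked network contains `address`."""
    ip = ipaddress.ip_address(address)
    return [i for i in items
            if "/" in i and ip in ipaddress.ip_network(i, strict=False)]

if __name__ == "__main__":
    macros = parse_macros(PF_CONF)
    bits, same = lint_cidrs(macros["priv_nets"])
    for written, masked in bits:
        print(f"{written} has host bits set; as a network it is {masked}")
    for net, entries in same.items():
        print(f"{', '.join(entries)} all denote {net}")
    for name in ("web_srv", "web1_srv"):
        addr = macros[name][0]
        print(name, addr, "is inside", covering(macros["priv_nets"], addr))
```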
