Thanks everyone. Seems to be working from outside, so for now I'll just go
with the direct ip of the server when I need to access it internally.

On Fri, Mar 1, 2013 at 11:22 AM, Pawel Jurusz <mailing.s...@gmail.com> wrote:

> Hello,
>
> If you are using only redirections, the source host will receive a SYN-ACK
> from 192.168.1.70, but there was no previous SYN to this address, so the
> source host will send a TCP Reset. A solution may be:
>
> pass in on $int_if proto tcp from $int_if:network to any port 80 rdr-to 192.168.1.70
> pass out on $int_if proto tcp from $int_if:network to any port 80 received-on $int_if nat-to $int_if
>
>
> On 01.03.2013 06:07, Matt Morrow wrote:
> > I have pf running on an openbsd box handling port forwarding. All ports
> > seem to forward ok except for port 80.
> >
> > Apache is running on a slackware box. I can access apache just fine
> > internally by using the ip address of that server (192.168.1.70), but if I
> > access the ip of the openbsd box (192.168.1.60) I just get an error that
> > the server is not available. It should be forwarding port 80 to the
> > slackware box.
> >
> > Here is my pf.conf
> > -----------------------------
> > ext_if = "rl0"
> > int_if = "em0"
> >
> > icmp_types="echoreq"
> > set block-policy return
> > set loginterface egress
> >
> > set skip on lo
> > match out on egress inet from !(egress:network) to any nat-to (egress:0)
> > block in log
> > pass out log quick
> > antispoof quick for { lo $int_if }
> >
> > #################################
> > #   port forwarding
> > #################################
> > pass in on $ext_if proto tcp from any to any port 80 rdr-to 192.168.1.70 port 80
> > pass in on $int_if proto tcp from any to any port 80 rdr-to 192.168.1.70 port 80
> > pass in on $ext_if proto tcp from any to any port 6699 rdr-to 192.168.1.60 port 22
> > pass in on $ext_if proto tcp from any to any port 51413 rdr-to 192.168.1.105 port 51413
> > pass in on $ext_if proto udp from any to any port 51413 rdr-to 192.168.1.105 port 51413
> > pass in on $int_if proto udp from any to any port 58846 rdr-to 192.168.1.101 port 6881
> > pass in on $ext_if proto tcp from any to any port 9000 rdr-to 192.168.1.105 port 81
> >
> > ############################################################
> > #pass in log (all) inet proto icmp all icmp-type $icmp_types
> > pass in log (all) on $int_if
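
An added illustration, not part of the thread: a small Python model of the handshake described above, showing why an internal client sends a reset when pf applies only `rdr-to`, and why adding `nat-to` on the internal interface fixes it. The addresses .60 and .70 are from the thread; the client address 192.168.1.50 and the ports 40000 and 50000 are constructed for the example.

```python
# Added example: models the packet flow only, it does not talk to pf.
FW, WEB = "192.168.1.60", "192.168.1.70"   # pf box and Apache box (from the thread)
CLIENT_PORT, NAT_PORT = 40000, 50000       # constructed sample ports


def handshake(client, nat_to_fw):
    """Return (result, trace) for a LAN client opening a connection to FW:80."""
    trace = []
    expected_peer = (FW, 80)               # the client's socket only knows FW:80
    syn = {"src": (client, CLIENT_PORT), "dst": (FW, 80), "flags": "SYN"}
    trace.append(("client->fw", dict(syn)))

    # pf, inbound on $int_if: rdr-to rewrites the destination address
    syn["dst"] = (WEB, 80)
    nat_state = {}
    if nat_to_fw:
        # pf, outbound on $int_if: nat-to also rewrites the source address
        nat_state[(FW, NAT_PORT)] = syn["src"]
        syn["src"] = (FW, NAT_PORT)
    trace.append(("fw->web", dict(syn)))

    # The web server answers whatever source address it saw in the SYN
    synack = {"src": syn["dst"], "dst": syn["src"], "flags": "SYN-ACK"}
    if synack["dst"] in nat_state:
        # Reply goes back through pf, which reverses both translations
        synack["dst"] = nat_state[synack["dst"]]
        synack["src"] = (FW, 80)
        trace.append(("web->fw->client", dict(synack)))
    else:
        # Client is on the same subnet: reply is delivered directly and
        # never passes pf, so the rdr-to rewrite is never undone
        trace.append(("web->client (bypasses fw)", dict(synack)))

    # The client matches the SYN-ACK against its half-open connection
    result = "ESTABLISHED" if synack["src"] == expected_peer else "RST"
    return result, trace


if __name__ == "__main__":
    for nat in (False, True):
        result, trace = handshake("192.168.1.50", nat)
        print(f"nat-to on $int_if = {nat}: client {result}")
        for hop, pkt in trace:
            print(f"  {hop}: {pkt['src']} -> {pkt['dst']} {pkt['flags']}")
```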
