I am using PF on 5.4-stable to NAT and firewall my network, but I can't get port forwarding to work. All requests end up at the OpenBSD box and go no further. For instance, I opened port 22 in PF to forward to a CentOS box, but ssh on the OpenBSD box still takes the request. Port 80 isn't working at all, as there is no Apache on the OpenBSD box. PF is running on 192.168.2.160 and Apache is on 192.168.2.170. I can access Apache by directly connecting to 192.168.2.170.
Thanks for any help.

PF.conf
---------------
ext_if = "dc0"
int_if = "vr0"
icmp_types="echoreq"

#OPTIONS
set block-policy return
set loginterface egress
set skip on lo

#default block incoming traffic
block in log

#PORT FORWARDING
pass in on egress proto tcp from any to any port 22 rdr-to 192.168.2.170 port 22
pass in on egress proto tcp from any to any port 80 rdr-to 192.168.2.170 port 80

#NAT the entire network
match out on egress inet from !(egress:network) to any nat-to (egress:0)

#pass outgoing traffic through firewall with no checking
pass out quick

#antispoof protection
antispoof quick for { lo $int_if }

pass in inet proto icmp all icmp-type $icmp_types