On Tue, Jan 16, 2007 at 09:32:02AM -0500, Charles Farinella wrote:
> I have an OpenBSD 3.9 machine with a public IP providing NAT and
> firewalling for our internal network. It has 3 interfaces:
>
> dc0: public ip from internet X.X.X.25
> dc1: 192.168.100.x to internal network. This works well.
> dc2: 192.168.200.x --> to Windows server.
>
> I need to allow public access to the Windows server connected to dc2
> (one port only). Currently I have a private network address assigned
> to dc2 and a public one (X.X.X.26) assigned to the machine connected
> to it.

You should put a private 192.168.200.x IP address on the Windows box,
not a global X.X.X.26 address. Afterwards, do a simple port forwarding
(redirection in pf language) at the OpenBSD box, e.g.

    rdr on dc0 proto tcp from any to (dc0) port $wbpp -> $wbip
    pass in on dc0 inet proto tcp from any to $wbip port $wbpp flags S/SA \
        keep state

where $wbip is the private IP address of the Windows box and $wbpp is
the port you want to redirect to the Windows box (wbpp = 'Windows box
public port').

I guess the rules could be combined into a single 'rdr pass' rule but
I like it this way...

Remember to set up a default route on the Windows box (it should of
course use the OpenBSD box as its default route).

Regards,

Martin

> I need to know how to access the X.X.X.26 machine from the internet.
> My attempts at redirecting with pf rules haven't been successful so
> far, and I'm not sure that's how I should be approaching it.
>
> I've been playing with this for a few days, and am kind of lost, so
> any advice, pointers to docs, examples, etc. would be very much
> appreciated.
>
> thanks,
>
> --charlie
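
Added example, not part of the original message and not the poster's code: pf translates before it filters, so the pass rule has to name the redirected-to address (as the rule in the reply does with $wbip), while a rule written as 'rdr pass' is passed without the filter rules being inspected. This Python audit checks a ruleset for both conditions; the sample ruleset, its address and port values, and the function names load and audit are constructed for illustration, and rules are assumed to be written in the shapes used in this thread.

```python
import re

# Constructed sample (pf syntax of the OpenBSD 3.9 era); address and port are placeholders.
SAMPLE = '''
wbip = "192.168.200.2"
wbpp = "8080"
rdr on dc0 proto tcp from any to (dc0) port $wbpp -> $wbip
block in on dc0 all
pass in on dc0 inet proto tcp from any to $wbip port $wbpp flags S/SA \\
    keep state
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"?([^"]*)"?$')
RDR = re.compile(r'^rdr( pass)? on (\S+) .* port (\S+) -> (\S+)(?: port (\S+))?$')
PASS = re.compile(r'^pass in (?:\S+ )*?on (\S+) .* to (\S+) port (\S+)')

def load(text):
    """Join continuation lines, drop comments, expand $macros."""
    macros, rules = {}, []
    for line in text.replace("\\\n", " ").splitlines():
        line = " ".join(line.split("#")[0].split())
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif line:
            rules.append(re.sub(r"\$(\w+)", lambda v: macros.get(v[1], v[0]), line))
    return rules

def audit(text):
    """Return (finding, rule) pairs for every rdr rule that needs attention."""
    rules = load(text)
    # (interface, destination, port) of every inbound pass rule
    passes = {m.groups() for m in map(PASS.match, rules) if m}
    findings = []
    for rule in rules:
        m = RDR.match(rule)
        if not m:
            continue
        rdr_pass, ifc, port, target, tport = m.groups()
        if rdr_pass:
            # 'rdr pass' packets are passed without consulting filter rules
            findings.append(("rdr-pass-skips-filter", rule))
        elif (ifc, target, tport or port) not in passes:
            # filter rules see the translated destination, not the public one
            findings.append(("no-pass-for-translated-dest", rule))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))  # the two-rule form from the message: no findings
```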