On Tue, Jan 16, 2007 at 04:44:03PM +0100, Martin Toft wrote:
> On Tue, Jan 16, 2007 at 09:32:02AM -0500, Charles Farinella wrote:
> > I have an OpenBSD 3.9 machine with a public IP providing NAT and
> > firewalling for our internal network.  It has 3 interfaces:
> > 
> > dc0: public ip from internet X.X.X.25
> > dc1: 192.168.100.x to internal network.  This works well.
> > dc2: 192.168.200.x --> to Windows server.
> > 
> > I need to allow public access to the Windows server connected to dc2
> > (one port only).  Currently I have a private network address
> > assigned to dc2 and a public one (X.X.X.26) assigned to the machine
> > connected to it.
> 
> You should put a private 192.168.200.x IP address on the Windows box,
> not a global X.X.X.26 address. Afterwards, do a simple port forwarding
> (redirection in pf language) at the OpenBSD box, e.g.
> 
> rdr on dc0 proto tcp from any to (dc0) port $wbpp -> $wbip
> pass in on dc0 inet proto tcp from any to $wbip port $wbpp flags \
> S/SA keep state
> 
> where $wbip is the private IP address of the Windows box and $wbpp is
> the port you want to redirect to the Windows box (wbpp = 'Windows box
> public port'). I guess the rules could be combined into a single 'rdr
> pass' rule but I like it this way...
> 
> Remember to set up a default route on the Windows box (it should of
> course use the OpenBSD box as its default route).
> 
> Regards,
> Martin
> 
> > I need to know how to access the X.X.X.26 machine from the internet.
> > My attempts at redirecting with pf rules haven't been successful so
> > far, and I'm not sure that's how I should be approaching it.

Hmm, sorry, I didn't take the above paragraph into account before. If
you decide to try my earlier advice, you should add X.X.X.26 as an alias
to the dc0 interface and replace "(dc0)" with X.X.X.26 in the rdr rule.

Regards,
Martin

> > I've been playing with this for a few days, and am kind of lost, so
> > any advice, pointers to docs, examples, etc. would be very much
> > appreciated.
> > 
> > thanks,
> > 
> > --charlie
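The full ruleset implied by the advice in this thread, as an added example (not Martin's or Charles's own configuration, and not tested on their setup): the Windows box gets a private 192.168.200.x address, X.X.X.26 is added as an alias on dc0, and only the one public port is redirected, using the pre-4.7 `rdr`/`pass` syntax that an OpenBSD 3.9 box understands. The private address 192.168.200.10, the port 3389 and the file layout are assumptions; the X.X.X.25/X.X.X.26 placeholders and interface names are from the thread.

```pf
# /etc/pf.conf on the OpenBSD 3.9 NAT/firewall box (OpenBSD 3.9 rdr syntax)
# Added example; the private address and port below are assumed placeholders.
#
# Prerequisite, in /etc/hostname.dc0 (so the rdr target address exists on dc0):
#   inet alias X.X.X.26 255.255.255.255
#
ext_if = "dc0"
wbip   = "192.168.200.10"   # assumed private address of the Windows box
wbpp   = "3389"             # assumed 'Windows box public port'

# Outbound NAT for the Windows segment, as already done for the other networks
nat on $ext_if from 192.168.200.0/24 to any -> X.X.X.25

# Redirect only the one port on the X.X.X.26 alias to the Windows box
rdr on $ext_if proto tcp from any to X.X.X.26 port $wbpp -> $wbip

# Default deny on the public side; the pass rule matches the post-rdr
# destination (the private address), which is why it uses $wbip, not X.X.X.26
block in on $ext_if all
pass in on $ext_if inet proto tcp from any to $wbip port $wbpp flags S/SA keep state
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without activating it; after `pfctl -f /etc/pf.conf`, `pfctl -s nat` and `pfctl -s rules` show the translation and filter rules actually in effect. Because `rdr` rewrites the destination before the filter rules are evaluated, a `pass` rule written against X.X.X.26 instead of the private address would never match, which is a common reason such redirections appear not to work.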