Hi,

Reyk Floeter <[EMAIL PROTECTED]> wrote:
> On Mon, Mar 03, 2008 at 10:29:30AM +0100, Wijnand Wiersma wrote:
> > Sebastian Reitenbach wrote:
> > ><cut>
> > >
> > > Also a http redirect did not work. I get a timeout in the browser. With
> > >tcpdump I see incoming SYN packets to port 80, but they are not answered:
> > >
> > >
> > <cut>
> >
> > I am having the same problem with Feb 25 snapshot.
> > It seems no rdr rules are getting loaded into PF.
> >
>
> ? the previous bug report was about relays only, it does not load any
> rdr rules into PF.
>
> in your case, have you added the relayd anchor to pf.conf?
>
> rdr-anchor "relayd/*"

yeah, I have, below my pf.conf:

ext_if="hme0"
table <possible_ogohosts> persist { 10.0.0.121, 10.0.0.122, 10.0.0.123, 10.0.0.124, 10.0.0.125 }
set skip on lo
scrub in
rdr-anchor "relayd/*"
block in log
pass out log
antispoof quick for { lo }
pass in log on $ext_if proto tcp to ($ext_if) port ssh
pass in log on $ext_if proto tcp to ($ext_if) port https
pass in log on $ext_if proto tcp to ($ext_if) port http
pass in log on $ext_if proto tcp to <possible_ogohosts> port http

the table, and the last pass rule is because these connections got blocked,
without that rule. But I assume, if everything would work correctly, I
wouldn't need it.

Sebastian