I'm having some problems getting pf to forward ports. My computer is
running a fresh install of OpenBSD 4.5.
My internal network is using 172.17.2.0/24 and I need pf to do NAT and
forward some ports to two internal servers.
NAT is working just fine (e.g. the internal computers can browse the
web, etc.), but I can't connect to my internal servers from the outside.
Here is my pf.conf:
-----------------
ext_if = "rl0"
int_if = "fxp0"
localnet = $int_if:network
udp_services = "{ domain, ntp }"
email_server = "172.18.2.10"
email_ports = "{ smtp, submission }"
web_server = "172.18.2.251"
web_ports = "{ http, https, imap, 3389 }"
nat on $ext_if from $localnet to any -> $ext_if
rdr on $ext_if proto tcp from any to $ext_if port $email_ports -> $email_server
rdr on $ext_if proto tcp from any to $ext_if port $web_ports -> $web_server
block all
pass out
pass from { lo0, $localnet } to any
pass quick inet proto { tcp, udp } to any port $udp_services
icmp_types = "echoreq"
pass inet proto icmp all icmp-type $icmp_types
#traceroute
pass out on $ext_if inet proto udp from any to any port 33433 >< 33626
pass proto tcp from any to $web_server port $web_ports synproxy state
pass proto tcp from any to $email_server port $email_ports synproxy state
pass proto tcp from $email_server to any port smtp synproxy state
-------------------
Any ideas will be much appreciated!
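
Added example, not part of the original post: a Python consistency check that expands the macros in a pf.conf and lists every rdr target address that falls outside a given internal network. The function names and the embedded sample are assumptions made for this example; the internal network is passed in by hand because pf resolves $int_if:network only when the ruleset is loaded.

```python
import ipaddress
import re

# Constructed sample: macro and rdr lines taken from the pf.conf in the post,
# with the mail-wrapped rdr line joined back into one line.
PF_CONF = '''\
ext_if = "rl0"
email_server = "172.18.2.10"
email_ports = "{ smtp, submission }"
web_server = "172.18.2.251"
web_ports = "{ http, https, imap, 3389 }"
rdr on $ext_if proto tcp from any to $ext_if port $email_ports -> $email_server
rdr on $ext_if proto tcp from any to $ext_if port $web_ports -> $web_server
'''

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*)"?\s*$')

def parse_macros(text):
    """Collect name = value macro definitions (hypothetical helper)."""
    found = (MACRO_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in found if m}

def expand(text, macros, depth=8):
    """Substitute $name references, following nested macros up to depth."""
    for _ in range(depth):
        new = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), text)
        if new == text:
            break
        text = new
    return text

def rdr_targets_outside(text, internal_net):
    """Return (line number, address) for rdr targets not inside internal_net."""
    net = ipaddress.ip_network(internal_net)
    macros = parse_macros(text)
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.lstrip().startswith("rdr ") or "->" not in line:
            continue
        target = expand(line.split("->", 1)[1], macros)
        for token in re.split(r'[\s,{}]+', target):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # interface name, "port" keyword, port number, etc.
            if addr not in net:
                findings.append((lineno, str(addr)))
    return findings

if __name__ == "__main__":
    for lineno, addr in rdr_targets_outside(PF_CONF, "172.17.2.0/24"):
        print(f"line {lineno}: rdr target {addr} is outside 172.17.2.0/24")
```
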