Re: RDR rule on PF

2007-05-13 Thread Nick Guenther
On 5/13/07, Alberich de megres <[EMAIL PROTECTED]> wrote:
On 5/13/07, Johan Linner <[EMAIL PROTECTED]> wrote:
>
> Is IP forwarding enabled?
>
> # sysctl net.inet.ip.forwarding=1
>
> /Johan
I checked tcpdump on internal if, and it's not working. I enabled ip forwarding on sysctl.conf, yes. It's

Re: RDR rule on PF

2007-05-13 Thread Alberich de megres
I checked tcpdump on internal if, and it's not working. I enabled ip forwarding on sysctl.conf, yes. It's so weird. I'm sure it's a very stupid mistake but I can't find it...
On 5/13/07, Johan Linner <[EMAIL PROTECTED]> wrote:
>
> Is IP forwarding enabled?
>
> # sysctl net.inet.ip.forwarding=1

Re: RDR rule on PF

2007-05-12 Thread Johan Linner
Is IP forwarding enabled?

# sysctl net.inet.ip.forwarding=1

/Johan

Re: RDR rule on PF

2007-05-12 Thread Darren Spruell
On 5/12/07, Alberich de megres <[EMAIL PROTECTED]> wrote:
On 5/12/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> You only redirect traffic when it comes in on $ext_if; so, if you try to
> test your setup from any other interface, notably $int_if, you will
> indeed see the Apache process on the fir

Re: RDR rule on PF

2007-05-12 Thread Alberich de megres
I have an external machine, and I try my setup from this external machine that enters directly to $ext_if, so direction is IN. And I have already checked the link you pointed me to. Thanks for all. Any help?
On 5/12/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:
>
> On Sat, May 12, 2007 at 12:15:24PM +0200,

Re: RDR rule on PF

2007-05-12 Thread Alberich de megres
I'm trying via passing through $ext_if. My $ext_if (rl0) has no IP address; they share one with a carp device.
On 5/12/07, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> On 2007/05/12 12:15, Alberich de megres wrote:
> > What do you mean?
>
> Where are you trying to connect from when you test t

Re: RDR rule on PF

2007-05-12 Thread Joachim Schipper
On Sat, May 12, 2007 at 12:15:24PM +0200, Alberich de megres wrote:
> On 5/12/07, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> > On 2007/05/12 11:11, Alberich de megres wrote:
> > > rdr on $ext_if inet proto tcp from any to ($ext_carp_if) port 22 -> 192.168.0.200 port 22
> > > rdr on $ext_if

Re: RDR rule on PF

2007-05-12 Thread Stuart Henderson
On 2007/05/12 12:15, Alberich de megres wrote:
> What do you mean?

Where are you trying to connect from when you test this? The connection needs to pass through $ext_if in order to be matched by the redirect rules you are using. You may need to read http://www.openbsd.org/faq/pf/rdr.html#reflect

Re: RDR rule on PF

2007-05-12 Thread Alberich de megres
What do you mean?
On 5/12/07, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> On 2007/05/12 11:11, Alberich de megres wrote:
> > rdr on $ext_if inet proto tcp from any to ($ext_carp_if) port 22 -> 192.168.0.200 port 22
> > rdr on $ext_if inet proto tcp from any to ($ext_carp_if) port 80 -> 19

Re: RDR rule on PF

2007-05-12 Thread Stuart Henderson
On 2007/05/12 11:11, Alberich de megres wrote:
> rdr on $ext_if inet proto tcp from any to ($ext_carp_if) port 22 -> 192.168.0.200 port 22
> rdr on $ext_if inet proto tcp from any to ($ext_carp_if) port 80 -> 192.168.0.200 port 80
>
> pass out all
> pass in all
>
> but http connections and ssh

RDR rule on PF

2007-05-12 Thread Alberich de megres
Hi,
I sent a previous mail about this already, but I really can't fix the problem. I read a book recommended on the OpenBSD site, Building Firewall with PF and OpenBSD, and as far as I can understand rdr rules are very simple. That's what I do in pf.conf:

pf.conf:
ext_if="rl1"
ext_carp_if="carp1"
int_if="rl2