Re: Traffic redirect no longer working

2010-05-25 Thread Lars Hecking
Stuart Henderson writes: > i think it's simpler if you write this as one rule: > > pass in quick on $ext_if proto tcp from $work_hosts to $ssh_host \ > port ssh rdr-to $ssh_host modulate state Not quite, since $ssh_host is on the private IP network This is the rule pass in log quick on

Re: Traffic redirect no longer working

2010-05-25 Thread Lars Hecking
Stuart Henderson writes: > i think it's simpler if you write this as one rule: > > pass in quick on $ext_if proto tcp from $work_hosts to $ssh_host \ > port ssh rdr-to $ssh_host modulate state I've done that after looking at Peter's presentation :) > is there any change if you remove 'mo

Re: Traffic redirect no longer working

2010-05-25 Thread Stuart Henderson
i think it's simpler if you write this as one rule: pass in quick on $ext_if proto tcp from $work_hosts to $ssh_host \ port ssh rdr-to $ssh_host modulate state is there any change if you remove 'modulate state'? do you have any other 'match' rules that would apply to these packets? redu

Re: Traffic redirect no longer working

2010-05-24 Thread Lars Hecking
lheck...@users.sourceforge.net writes: > I've used the same pf.conf for years with only minimal changes, but 4.7 > broke it, and I can't seem to fix it. > > The OBSD machine is a firewall between a cable modem and a private IP LAN. > Previously, I used these rules to allow ssh access from speci

Re: Traffic redirect no longer working

2010-05-21 Thread Neal Hogan
On Fri, May 21, 2010 at 6:39 AM, Lars Hecking wrote: > Neal Hogan writes: >> On Fri, May 21, 2010 at 4:37 AM, wrote: >> > I've used the same pf.conf for years with only minimal changes, but 4.7 >> > broke it, and I can't seem to fix it. >> > >> >> Reconsider the PF documentation. There have be

Re: Traffic redirect no longer working

2010-05-21 Thread Neal Hogan
On Fri, May 21, 2010 at 4:37 AM, wrote: > I've used the same pf.conf for years with only minimal changes, but 4.7 > broke it, and I can't seem to fix it. > Reconsider the PF documentation. There have been some changes to the syntax in 4.7. > The OBSD machine is a firewall between a cable mode

Re: Traffic redirect no longer working

2010-05-21 Thread Scott McEachern
On 05/21/10 05:37, lheck...@users.sourceforge.net wrote: rdr on $ext_if proto tcp from $work_hosts to any port ssh -> $ssh_host pass in quick on $ext_if proto tcp \ from $work_hosts to $ssh_host port ssh flags S/SA modulate state In 4.7, I changed this to match in on $ext_if proto tcp

Traffic redirect no longer working

2010-05-21 Thread lhecking
I've used the same pf.conf for years with only minimal changes, but 4.7 broke it, and I can't seem to fix it. The OBSD machine is a firewall between a cable modem and a private IP LAN. Previously, I used these rules to allow ssh access from specific Internet hosts to a machine in the LAN: rdr