From owner-freebsd-pf@FreeBSD.ORG  Wed Dec 15 15:30:01 2004
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BB06B16A4CE
	for <freebsd-pf@freebsd.org>; Wed, 15 Dec 2004 15:30:01 +0000 (GMT)
Received: from hotmail.com (bay103-dav18.bay103.hotmail.com [65.54.174.90])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5466B43D5D
	for <freebsd-pf@freebsd.org>; Wed, 15 Dec 2004 15:30:01 +0000 (GMT)
	(envelope-from zeno_lee@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 15 Dec 2004 07:30:01 -0800
Message-ID: <BAY103-DAV183A70AB8A1A10801AD539E2AD0@phx.gbl>
Received: from 68.236.191.168 by BAY103-DAV18.phx.gbl with DAV;
	Wed, 15 Dec 2004 15:29:18 +0000
X-Originating-IP: [68.236.191.168]
X-Originating-Email: [zeno_lee@hotmail.com]
X-Sender: zeno_lee@hotmail.com
From: "Zeno Lee" <zeno_lee@hotmail.com>
To: <freebsd-pf@freebsd.org>
References:
	<BAY103-DAV17C00EC3123282040DE4DFE2AC0@phx.gbl><200412141647.01789.pathiaki@pathiaki.com><c2d45d6e0412141358aeb59da@mail.gmail.com><BAY103-DAV14F692401C0E2E5A4D2083E2AC0@phx.gbl>
	<20041214205809.5bc3564f.antonio.torres@newspace.net.br>
Date: Wed, 15 Dec 2004 10:29:11 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-OriginalArrivalTime: 15 Dec 2004 15:30:01.0003 (UTC)
	FILETIME=[F11A17B0:01C4E2BA]
Subject: Re: NAT works but port forwarding does not
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical discussion and general questions about packet filter (pf)
	<freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Dec 2004 15:30:01 -0000

I appreciate all your help.  It's still not working.

Antonio's suggestion is the syntax I already had.  I mistyped my email.
I tried Paul's suggestion but it still doesn't work.

I'm not a network expert.  It's probably something very obvious.  I'm going 
to describe my 2 interfaces more

external interface is: em0 inet 160.79.174.98  netmask 255.255.255.248
internal interface is: em1 inet 192.168.1.55  netmask 255.255.255.0

em0 is running at 100 half duplex
em1 is running at 100 full duplex

/etc/pf.conf

ext_if="em0"
int_if="em1"
webserver=192.168.1.54
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to $ext_if port 80 -> $webserver port 80

NAT is working perfectly fine.  I can ssh into em0 and then telnet to port 
80 and do a GET on index.html.


It's a brand new FreeBSD 5.3 install.  I updated to 5.3 stable and rebuilt 
the kernel only adding the following to the configuration

device          pf
device          pflog
device          pfsync

options         ALTQ
options         ALTQ_CBQ        # Class Bases Queueing
options         ALTQ_RED        # Random Early Drop
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler
options         ALTQ_CDNR       # Traffic conditioner
options         ALTQ_PRIQ       # Priority Queueing
options         ALTQ_NOPCC      # Required for SMP build
options         ALTQ_DEBUG