Date: Sun, 8 Jul 2007 22:10:02 +1000
From: "Morgan Reed" <morgan.s.reed@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Simple NAT question
Message-ID: <b024b3480707080510q598e4c16r98b917199d1ba80@mail.gmail.com>

I've got an issue with a simple NAT with pf.

I've got two machines; the first (I will call m1) has 2 ethernet
interfaces (I will call them m1.0 and m1.1), the second (I will call m2)
has 1 ethernet interface (I will call it m2.0).

m1.0 faces my LAN; m1.1 and m2.0 are on a separate, isolated segment.

What I need to be able to do is to access the "outside world" from m2
and be able to get to Ports 80, 443 and 3128 on m2 from my LAN by
connecting to ports 80, 443 and 3128 on m1 and having traffic forwarded
appropriately.

m1.0 - 192.168.0.X/24 (DHCP assigned)
m1.1 - 192.168.1.2/24
m2.0 - 192.168.1.30/24

/etc/pf.conf
=========================================================
ext_if="m1.0"
int_if="m1.1"

nat on $ext_if from !($ext_if) -> ($ext_if:0)

rdr pass on $ext_if proto tcp to port 80 -> 192.168.1.30 port 80
rdr pass on $ext_if proto tcp to port 443 -> 192.168.1.30 port 443
rdr pass on $ext_if proto tcp to port 3128 -> 192.168.1.30 port 3128

pass in keep state
pass out keep state
=========================================================

The current status is as follows:

* I can ping m1.0 from m2
* I can't ping any of the other addresses on the 192.168.0.0/24 network
  from m2

- tcpdump'ing m1.1
  * Connecting to one of the forwarded ports on m1.0 I see nothing
  * Connecting from m2 to a host on the LAN I see the connections going
    out but not coming back

Your assistance is greatly appreciated.

Morgan