From owner-freebsd-stable@FreeBSD.ORG Sun Jul 8 10:41:01 2007
From: "Morgan Reed" (envelope-from morgan.s.reed@gmail.com)
To: stable@freebsd.org
Date: Sun, 8 Jul 2007 20:41:00 +1000
Subject: PF Question
List-Id: Production branch of FreeBSD source code
Not sure if this is the most appropriate place to ask, feel free to redirect me if it isn't.

I've got an issue with a simple NAT with pf. I've got two machines; the first (I will call m1) has 2 ethernet interfaces (I will call them m1.0 and m1.1), the second (I will call m2) has 1 ethernet interface (I will call it m2.0). m1.0 faces my LAN; m1.1 and m2.0 are on a separate, isolated segment.

What I need to be able to do is to access the "outside world" from m2 and be able to get to ports 80, 443 and 3128 on m2 from my LAN by connecting to ports 80, 443 and 3128 on m1 and having traffic forwarded appropriately.

m1.0 - 192.168.0.X/24 (DHCP assigned)
m1.1 - 192.168.1.2/24
m2.0 - 192.168.1.30/24

/etc/pf.conf
=========================================================
ext_if="m1.0"
int_if="m1.1"

nat on $ext_if from !($ext_if) -> ($ext_if:0)

rdr pass on $ext_if proto tcp to port 80 -> 192.168.1.30 port 80
rdr pass on $ext_if proto tcp to port 443 -> 192.168.1.30 port 443
rdr pass on $ext_if proto tcp to port 3128 -> 192.168.1.30 port 3128

pass in keep state
pass out keep state
=========================================================

The current status is as follows:
* I can ping m1.0 from m2
* I can't ping any of the other addresses on the 192.168.0.0/24 network from m2
- tcpdump'ing m1.1:
* Connecting to one of the forwarded ports on m1.0 I see nothing
* Connecting from m2 to a host on the LAN I see the connections going out but not coming back

Your assistance is greatly appreciated.

Morgan
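The pf.conf quoted in the post redirects three ports on the external interface to the inner host without any `from` restriction, so every host that can reach m1.0 is offered those redirections. The following Python script is an added example, not code from the post or from FreeBSD: it expands the two macros, parses the `rdr` rules the way a reviewer would read them, and flags each redirection that is not limited to a source network. The embedded pf.conf is a constructed copy of the one in the post; the interface names m1.0 and m1.1 are the poster's placeholders, not real device names, and the regular expressions only cover the rule forms that appear in this configuration.

```python
"""Small pf.conf auditor for rdr rules (added example, not from the mailing-list post)."""
import re

# Constructed copy of the pf.conf quoted in the post. "m1.0"/"m1.1" are the
# poster's placeholder interface names, not real FreeBSD device names.
SAMPLE_PF_CONF = """\
ext_if="m1.0"
int_if="m1.1"
nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr pass on $ext_if proto tcp to port 80 -> 192.168.1.30 port 80
rdr pass on $ext_if proto tcp to port 443 -> 192.168.1.30 port 443
rdr pass on $ext_if proto tcp to port 3128 -> 192.168.1.30 port 3128
pass in keep state
pass out keep state
"""

# macro definition:  name="value"
MACRO_RE = re.compile(r'^(\w+)\s*=\s*"([^"]*)"\s*$')

# rdr [pass] on IFACE [proto PROTO] [from SRC] to [DST] port DPORT -> TARGET [port TPORT]
# Only the subset of pf.conf rdr syntax used in the post is recognised.
RDR_RE = re.compile(
    r'^rdr(?P<pass>\s+pass)?\s+on\s+(?P<iface>\S+)'
    r'(?:\s+proto\s+(?P<proto>\S+))?'
    r'(?:\s+from\s+(?P<src>\S+))?'
    r'\s+to\s+(?:(?P<dst>\S+)\s+)?port\s+(?P<dport>\S+)'
    r'\s+->\s+(?P<target>\S+)(?:\s+port\s+(?P<tport>\S+))?\s*$'
)


def expand_macros(text):
    """Return (macros, lines) where $name references are replaced by their values.

    Comments and blank lines are dropped; macro definitions are consumed."""
    macros = {}
    expanded = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        for name, value in macros.items():
            line = line.replace('$' + name, value)
        expanded.append(line)
    return macros, expanded


def parse_rdr_rules(text):
    """Return one dict per rdr rule with iface/proto/src/dport/target/tport fields."""
    rules = []
    _, lines = expand_macros(text)
    for line in lines:
        m = RDR_RE.match(line)
        if m:
            rule = m.groupdict()
            rule['pass'] = rule['pass'] is not None   # "rdr pass" creates the pass implicitly
            rules.append(rule)
    return rules


def audit(text):
    """List redirections that accept connections from any source reaching the interface."""
    findings = []
    for r in parse_rdr_rules(text):
        if r['src'] is None:
            findings.append(
                "rdr on %s port %s -> %s:%s has no 'from' restriction; "
                "limit it to the source network(s) that should reach the service"
                % (r['iface'], r['dport'], r['target'], r['tport'] or r['dport']))
    return findings


if __name__ == '__main__':
    for f in audit(SAMPLE_PF_CONF):
        print(f)
```

Run against the quoted configuration it reports all three redirections; adding `from 192.168.0.0/24` (or whichever source network should reach the service) to each `rdr` line makes the report empty. The script deliberately does no syntax validation, which on the firewall itself is `pfctl -nf /etc/pf.conf`.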