Date: Sat, 15 Nov 2008 18:16:38 +0100
From: mouss <mouss@netoyen.net>
To: freebsd-pf@freebsd.org
Subject: Re: can't add a port forwarding
Message-ID: <491F03F6.4020307@netoyen.net>
In-Reply-To: <49106B68.2060007@cyanide-studio.com>
References: <49106B68.2060007@cyanide-studio.com>

Bastien Semene wrote:
> Hi everyone,
>
> I'm currently facing a weird problem. I have a pf box acting as a
> gateway for some services and want to add a port forwarding for https.
>
> So I added the following rule :
>
> rdr pass on $ext_if proto tcp from any to any port 443 -> $atlas_ip
> //variables are correct since I have a similar rule for port 80.
>
> The "pfctl -s nat" shows this :
>
> nat on bge0 inet from 10.1.8.1 to any -> "external_interface_ip"
> rdr pass on bge0 inet proto tcp from any to any port = http -> 10.1.8.1
> rdr pass on bge0 inet proto tcp from any to any port = https -> 10.1.8.1
>
> An Nmap from outside shows this :
>
> # nmap -P0 -p80,443,17900 "external_interface_ip"
>
> Starting Nmap 4.20 ( http://insecure.org ) at 2008-11-04 16:22 CET
> Interesting ports on "external_interface_ip":
> PORT      STATE    SERVICE
> 80/tcp    open     http
> 443/tcp   closed   https
> 17900/tcp filtered unknown
>

maybe you allow port 80 but not 443 in your pf rules?

> I tried reloading pf rules with "pfctl -F all -f /etc/pf.conf",
> restarting the machine, but nothing changed. The securelevel is also at
> -1, so pf should take the changes into account.
> And of course the destination https server receives nothing on https port.
> http and preconfigured nat/forwards works perfectly.
>
> I tried to comment the "scrub in all" option, but because the rdr line
> doesn't seem to be affected, I'm not sure this one is.
>
> If someone has an idea or direction to follow I take every piece of
> thought.
> Thanks all.
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
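
The check suggested in the reply, written out as a pf.conf fragment in which both forwarded ports depend on explicit filter rules. This is an added example, not part of the original messages or anyone's actual ruleset; `int_if`, `bge1` and the `web_ports` macro are assumptions, and only `$ext_if`, `$atlas_ip`, `bge0` and `10.1.8.1` come from the thread.

```pf
# Constructed pf.conf fragment (added example, not from the thread).
ext_if    = "bge0"
int_if    = "bge1"           # assumption: interface facing 10.1.8.1
atlas_ip  = "10.1.8.1"
web_ports = "{ 80, 443 }"    # hypothetical macro covering both services

# Translation rules come before filter rules in pf.conf.
# Without the "pass" modifier, a redirected packet must still match a
# filter rule, so a port missing from the pass rules is easy to spot.
rdr on $ext_if inet proto tcp from any to any port $web_ports -> $atlas_ip

# Default policy. "log" copies blocked packets to pflog0, so a SYN to 443
# that no pass rule matches is recorded with the rule number that dropped it.
# "block return" answers TCP with a RST, which a port scanner reports as
# "closed"; a silent "block drop" would show up as "filtered" instead.
block return log all

# rdr is applied before filtering, so the filter rule has to match the
# translated destination ($atlas_ip), not the external address.
pass in on $ext_if inet proto tcp from any to $atlas_ip port $web_ports \
    flags S/SA keep state

# The forwarded packet is evaluated again when it leaves the inside
# interface, so that direction needs a matching rule as well.
pass out on $int_if inet proto tcp from any to $atlas_ip port $web_ports \
    flags S/SA keep state
```

After loading the ruleset, `tcpdump -n -e -ttt -i pflog0` shows any packet to port 443 that hit the logged block rule. A RST also comes back when the packet is forwarded correctly but nothing on the destination host listens on 443, so a "closed" result with an empty pflog points at the server rather than the ruleset.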