From owner-freebsd-pf@FreeBSD.ORG Wed Jan 9 17:00:15 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B8AB416A469 for ; Wed, 9 Jan 2008 17:00:15 +0000 (UTC) (envelope-from swygue@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.230]) by mx1.freebsd.org (Postfix) with ESMTP id 7515B13C461 for ; Wed, 9 Jan 2008 17:00:15 +0000 (UTC) (envelope-from swygue@gmail.com) Received: by nz-out-0506.google.com with SMTP id l8so140742nzf.13 for ; Wed, 09 Jan 2008 09:00:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:user-agent:mime-version:to:subject:content-type:content-transfer-encoding:from; bh=yCMB83rhDAC/FafzvfPuj2JPbAq56YM8gmezMtDkMbQ=; b=IvzHV83HnnumAxAK1XDhdame55wWe4y17c+ZOk9fkl4Eh3ez4Qe+1BY2fEUHxidpFWnpLhJUrudVTSk3rsCphSTHnYrnpMCYhpK2+MbJ6L0wFfYLBZgJ6utqPGG4Ktfjtrw2v+ahqjlQsy9mCqqkde1vnJ+25MPCe315737EMBU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:user-agent:mime-version:to:subject:content-type:content-transfer-encoding:from; b=q8PjTGvG3/hcdj40eDX02FTfV8CJuerNuvh26/UTt+tuRj804dKvy0k6+XaZDU2zxkndruYjwKF4065a9CsBxIOst1uVnRqGZhy1uZfqKkKzCMAdiMhjmGObrcDNI5JHHGo1AGr//tlUTP5AmYLReWSjPSoSmXIaOQ5YE7smK2M= Received: by 10.110.26.10 with SMTP id 10mr297848tiz.54.1199896551127; Wed, 09 Jan 2008 08:35:51 -0800 (PST) Received: from pushkin.local ( [150.210.151.82]) by mx.google.com with ESMTPS id i19sm3168682wxd.33.2008.01.09.08.35.49 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 09 Jan 2008 08:35:49 -0800 (PST) Message-ID: <4784F7E3.3060508@rodhouse.org> Date: Wed, 09 Jan 2008 11:35:47 -0500 User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.9) Gecko/20071031 Thunderbird/2.0.0.9 Mnenhy/0.7.5.0 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit From: Rodrique Heron Subject: Forwarding another host X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jan 2008 17:00:15 -0000 Good Day- I'm running FreeBSD 6.2 and I want to know if forwarding to a external host is supported by PF. I want to forward all incoming traffic to port 22 to another host, but it does not work, forwarding to a Jail works though. Here are my configs: ### /etc/rc.conf ifconfig_em0="inet 192.168.2.14 netmask 255.255.255.0" defaultrouter="192.168.2.1" ifconfig_em0_alias0="inet 192.168.2.18 netmask 255.255.255.255" ## JAIL IP gateway_enable="YES" pf_enable="YES" # Enable PF (load module if required) pf_rules="/etc/pf.conf" # rules definition file for pf pf_flags="" # additional flags for pfctl startup pflog_enable="YES" # start pflogd(8) pflog_logfile="/var/log/pflog" # where pflogd should store the logfile pflog_flags="" # additional flags for pflogd startup ### /etc/pf.conf ext_if = "em0" int_if = "lo0" host_ip = "192.168.2.14" jail_ip = "192.168.2.18" external_host = "192.168.2.27" rdr on $ext_if proto tcp from any to $host_ip port 22 -> $external_host port 22 rdr on $ext_if proto tcp from any to $host_ip port 26 -> $jail_ip port 22 pass in quick all pass out quick all Thanks