From: "Rodrique Heron"
To: "Michal Varga"
Cc: freebsd-pf@freebsd.org
Date: Thu, 10 Jan 2008 21:37:49 -0500
Subject: Re: Forwarding another host

On 1/10/08, Michal Varga wrote:
>
> On Thu, 2008-01-10 at 12:10 -0500, Rodrique Heron wrote:
> >
> > Thanks
> >
> > FreeBSD syntax for log all is "log-all", I have no block rules. I am
> > passing everything with.
> >
> > pass in quick all
> > pass out quick all
> >
> Ah, I think this may be another problem. Syntax for log (all) really
> *was* log-all, in PF 3.7, that is approximately the version used in
> FreeBSD 6.x. I somehow forgot about this from your first mail. As
> FreeBSD 7 incorporates PF 3.9, things behave a little differently here
> and there. Anyway, can you show me the exact PF config you are using
> now, one that you think should work and doesn't?
>

Sorry for the duplicate, I forgot to CC the list.

Both hosts are in the same broadcast domain, connected to the same switch.

    INTERNET
       |
       |
    PIX Firewall
       |
       |
    SWITCH*---*HOSTA 192.168.2.14
       *
       |
       |
       *
    HOSTB 192.168.2.27

### /etc/pf.conf

ext_if = "em0"
int_if = "lo0"
host_ip = " 192.168.2.14"
jail_ip = "192.168.2.18"
external_host = "192.168.2.27"

rdr on $ext_if proto tcp from any to $host_ip port 22 -> $external_host port 22
rdr on $ext_if proto tcp from any to $host_ip port 26 -> $jail_ip port 22

pass in quick all
pass out quick all