From: Margo Szathmár <mszathmar@gmail.com>
Date: Fri, 13 Jun 2008 17:34:16 -0700
To: freebsd-pf@freebsd.org
Subject: rdr rules with pf
List-Id: Technical discussion and general questions about packet filter (pf)

Hello everyone,

I'm trying to set up jails behind a NAT on my FreeBSD 7.0 box here as I've only got one IP to play with. I'm currently using pf with the following configuration:

    ext_if="rl0"
    external_addr="x.x.x.x"
    internal_net="192.168.222.0/24"
    nat on $ext_if from $internal_net to any -> $external_addr
    rdr on rl0 proto tcp from any to any port 5223 -> 192.168.222.2
    pass in all
    pass out all

The jail in question is sitting on 192.168.222.2 and is able to connect out. The only problem I'm having is that the rdr statement doesn't seem to be working. The examples I've been able to find so far encompass only situations in which the box has more than one NIC (see a lot of ext_if and int_if) and I haven't been able to find anything concrete.

The box is also running ipfw which I suspect may be causing some conflicts ... to bypass these, however, I've added rule 1 as "allow ip from any to any"

Can anyone point out my error? I realize that this question is probably asked near constantly and there's probably some link I simply haven't consulted yet and for that I apologize.

Thanks for your input!

With love,
Margo S.