Date: Wed, 1 Feb 2006 09:25:06 -0800
From: Jon Simola <jon@abccomm.com>
To: Keith Bottner <keith@barkinglizards.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Port redirection just not working!
Message-ID: <8eea04080602010925x16640e22h4fb1f121577f405c@mail.gmail.com>
In-Reply-To: <0be301c62748$624140d0$0e01a8c0@Stile>
References: <0be301c62748$624140d0$0e01a8c0@Stile>
On 2/1/06, Keith Bottner <keith@barkinglizards.com> wrote:
> I am having a problem getting packet filter to redirect incoming traffic
> destined for a specific IP and port to an internal DMZ host.
> rdr pass on $ext_if proto tcp from any to $ext_http_addr port 9874 -> $dmz_clip_addr
If you use an RDR to punch traffic to a DMZ host, you also need a NAT
rule in the opposite direction to make sure the traffic reappears from
the same IP. What I'm doing:
rdr on em0 proto tcp from any to $user_mailserver port {pop3, smtp} -> 10.188.0.7
nat on em0 proto tcp from 10.188.0.7 port {pop3, smtp} to any -> $user_mailserver

rdr on vlan130 proto tcp from vlan130:network to $user_mailserver port {pop3, smtp} -> 10.188.0.7
nat on vlan130 proto tcp from 10.188.0.7 port {pop3, smtp} to vlan130:network -> $user_mailserver
Of course, this leads to huge piles of rules but is working great (2 per server per interface).
--
Jon Simola
Systems Administrator
ABC Communications
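The rdr/nat pairing Jon describes grows as two rules per published service per interface, so hand-writing it for every server is where typos creep in (a port list that differs between the rdr and its matching nat, a nat rule pointing at the wrong interface). The script below is an added example and is not part of the original thread or of pf itself: it generates the rdr/nat pairs for any number of services and interfaces in the exact shape shown above, plus the macro definitions they reference, so the translation rules can be pasted into pf.conf or kept as a generated include. The external interface is given source "any" and an internal segment is given "<if>:network" for the hairpin case. The public address 203.0.113.25 and the service/interface names are hypothetical; 10.188.0.7, em0 and vlan130 are reused from the message as sample values.

```python
"""Generate paired pf rdr/nat translation rules for DMZ services.

Added example, not from the original message or the pf project.
For every (service, interface) pair it emits the two rules the thread
describes: an rdr that sends inbound traffic for the public address
to the DMZ host, and a nat that makes the DMZ host's traffic on the
same ports reappear from the public address.
"""
from dataclasses import dataclass
from typing import List, Sequence


@dataclass
class Service:
    name: str             # pf macro name for the public address
    public_addr: str      # routable address clients connect to (hypothetical)
    dmz_addr: str         # DMZ host that actually serves the ports
    ports: Sequence[str]  # pf port names or numbers, e.g. "pop3", "smtp"


@dataclass
class Interface:
    name: str
    # Source spec for clients arriving on this interface: "any" on the
    # external side, "<if>:network" on an internal segment whose clients
    # must also be redirected (the hairpin case in the thread).
    src: str


def port_list(ports: Sequence[str]) -> str:
    """Render a pf port list: {pop3, smtp}."""
    return "{" + ", ".join(ports) + "}"


def rules_for(service: Service, iface: Interface) -> List[str]:
    """The rdr/nat pair for one service on one interface."""
    p = port_list(service.ports)
    rdr = (f"rdr on {iface.name} proto tcp from {iface.src} "
           f"to ${service.name} port {p} -> {service.dmz_addr}")
    nat = (f"nat on {iface.name} proto tcp from {service.dmz_addr} port {p} "
           f"to {iface.src} -> ${service.name}")
    return [rdr, nat]


def generate(services: Sequence[Service],
             interfaces: Sequence[Interface]) -> List[str]:
    """Macro definitions followed by every rdr/nat pair, in pf.conf order
    (macros first, since pf.conf requires them before use)."""
    lines = [f'{s.name} = "{s.public_addr}"' for s in services]
    for s in services:
        for i in interfaces:
            lines.extend(rules_for(s, i))
    return lines


def rule_count(services: Sequence[Service],
               interfaces: Sequence[Interface]) -> int:
    """Two translation rules per service per interface, as the thread says."""
    return 2 * len(services) * len(interfaces)


if __name__ == "__main__":
    # Constructed sample input: one mail server published on the external
    # interface and hairpinned for the vlan130 segment.
    mail = Service("user_mailserver", "203.0.113.25", "10.188.0.7",
                   ["pop3", "smtp"])
    ifaces = [Interface("em0", "any"),
              Interface("vlan130", "vlan130:network")]
    print("\n".join(generate([mail], ifaces)))
```

After pasting the output into pf.conf (or into a file pulled in with `include`), check it with `pfctl -nf /etc/pf.conf` before loading, `pfctl -sn` to confirm the translation rules pf actually parsed, and `pfctl -ss` to watch the rdr and nat state entries appear for a test connection from each side.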
