Date: Fri, 5 Feb 2010 19:41:39 +0200
From: Spas Karabelov <st0ma@sofiahouse.net>
To: freebsd-stable@freebsd.org
Subject: PF Traffic Redirection issues
Message-ID: <331b660a1002050941y256e3343i65afe78df5eba4e5@mail.gmail.com>
Hello,

I am trying to perform traffic redirection with PF on 7.2-RELEASE. The traffic is in the same subnet and I try doing that by using just one interface em0.

My current setup of pf is as follows:

No ALTQ support in kernel
ALTQ related functions disabled
TRANSLATION RULES:
rdr pass on em0 inet proto tcp from any os "NMAP" to any port 1:65535 -> 192.168.128.170 port 22
rdr pass on em0 inet proto tcp from 192.168.128.126 to any port = http -> 192.168.128.103 port 83
rdr pass on em0 inet proto tcp from 192.168.128.126 to any port = rdp -> 192.168.128.102 port 3389
rdr pass on em0 inet proto tcp from any to any port = ctf -> 192.168.128.102 port 83

FILTER RULES:
scrub in all fragment reassemble
block drop log all
block drop in on ! em0 inet from 192.168.128.0/24 to any
block drop in inet from 192.168.128.170 to any
pass in on em0 inet proto tcp from any to 192.168.128.170 port = ssh flags S/SA keep state
pass in on em0 inet proto tcp from any to 192.168.128.102 port = ctf flags S/SA synproxy state
pass in on em0 inet proto tcp from any to 192.168.128.103 port = mit-ml-dev flags S/SA synproxy state
pass out all flags S/SA keep state

When I try to perform requests, they get the state of *SYN_SENT:CLOSED*:

No ALTQ support in kernel
ALTQ related functions disabled
all tcp 192.168.128.170:22 <- 192.168.128.126:53162 ESTABLISHED:ESTABLISHED
all tcp 192.168.128.102:83 <- 192.168.128.170:84 <- 192.168.128.104:8351 CLOSED:SYN_SENT
all tcp 192.168.128.104:8351 -> 192.168.128.102:83 *SYN_SENT:CLOSED*

Any advice is much appreciated.

KR,
Spas
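Added example, not part of the original message: a small Python parser for state-table lines in the format quoted above, which picks out the TCP states where a SYN was never answered and marks which of them carry a translation. The field names, and the assumption that every endpoint is an IPv4 `addr:port` pair, are this example's own.

```python
import ipaddress
import re

# State lines copied from the listing in the message above (emphasis asterisks removed).
SAMPLE = """\
all tcp 192.168.128.170:22 <- 192.168.128.126:53162 ESTABLISHED:ESTABLISHED
all tcp 192.168.128.102:83 <- 192.168.128.170:84 <- 192.168.128.104:8351 CLOSED:SYN_SENT
all tcp 192.168.128.104:8351 -> 192.168.128.102:83 SYN_SENT:CLOSED
"""

# Network taken from the "block drop in on ! em0" rule in the message.
LOCAL_NET = ipaddress.ip_network("192.168.128.0/24")

STATE_LINE = re.compile(
    r"^(?P<ifc>\S+)\s+(?P<proto>\S+)\s+(?P<path>.+?)\s+"
    r"(?P<state>[A-Z0-9_]+:[A-Z0-9_]+)$"
)

def parse_state(line):
    """Parse one state line; return None for headers or unrecognised lines."""
    m = STATE_LINE.match(line.strip().replace("*", ""))
    if m is None:
        return None
    endpoints = re.split(r"\s*(?:<-|->)\s*", m["path"])
    hosts = [ipaddress.ip_address(e.rsplit(":", 1)[0]) for e in endpoints]
    return {
        "proto": m["proto"],
        "direction": "in" if "<-" in m["path"] else "out",
        "endpoints": endpoints,
        # Three endpoints means an address translation (rdr/nat) is attached.
        "translated": len(endpoints) == 3,
        "state": m["state"],
        # One peer sent a SYN and the other peer has sent nothing back.
        "syn_unanswered": set(m["state"].split(":")) == {"SYN_SENT", "CLOSED"},
        # On a shared subnet, replies need not pass back through the PF host.
        "same_subnet": all(h in LOCAL_NET for h in hosts),
    }

def unanswered(text):
    """Return the TCP states whose handshake never got a reply."""
    parsed = (parse_state(l) for l in text.splitlines())
    return [s for s in parsed if s and s["proto"] == "tcp" and s["syn_unanswered"]]

if __name__ == "__main__":
    for s in unanswered(SAMPLE):
        kind = "rdr" if s["translated"] else "plain"
        print(s["direction"], kind, " | ".join(s["endpoints"]), s["state"])
```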