From: Spas Karabelov
To: freebsd-stable@freebsd.org
Date: Fri, 5 Feb 2010 19:41:39 +0200
Message-ID: <331b660a1002050941y256e3343i65afe78df5eba4e5@mail.gmail.com>
Subject: PF Traffic Redirection issues

Hello,

I am trying to perform traffic redirection with PF on 7.2-RELEASE. The traffic is in the same subnet and I try doing that by using just one interface, em0.
My current setup of pf is as follows:

No ALTQ support in kernel
ALTQ related functions disabled
TRANSLATION RULES:
rdr pass on em0 inet proto tcp from any os "NMAP" to any port 1:65535 -> 192.168.128.170 port 22
rdr pass on em0 inet proto tcp from 192.168.128.126 to any port = http -> 192.168.128.103 port 83
rdr pass on em0 inet proto tcp from 192.168.128.126 to any port = rdp -> 192.168.128.102 port 3389
rdr pass on em0 inet proto tcp from any to any port = ctf -> 192.168.128.102 port 83
FILTER RULES:
scrub in all fragment reassemble
block drop log all
block drop in on ! em0 inet from 192.168.128.0/24 to any
block drop in inet from 192.168.128.170 to any
pass in on em0 inet proto tcp from any to 192.168.128.170 port = ssh flags S/SA keep state
pass in on em0 inet proto tcp from any to 192.168.128.102 port = ctf flags S/SA synproxy state
pass in on em0 inet proto tcp from any to 192.168.128.103 port = mit-ml-dev flags S/SA synproxy state
pass out all flags S/SA keep state

When I try to perform a request, it gets the state *SYN_SENT:CLOSED*:

No ALTQ support in kernel
ALTQ related functions disabled
all tcp 192.168.128.170:22 <- 192.168.128.126:53162       ESTABLISHED:ESTABLISHED
all tcp 192.168.128.102:83 <- 192.168.128.170:84 <- 192.168.128.104:8351       CLOSED:SYN_SENT
all tcp 192.168.128.104:8351 -> 192.168.128.102:83       *SYN_SENT:CLOSED*

Any advice is much appreciated.

KR,
Spas
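Editor's note (added example, not part of the original post or any reply to it): the state table above shows the client (192.168.128.104) being redirected through the PF host (192.168.128.170, port 84) to the server (192.168.128.102, port 83) while all three sit on the same subnet. The PF FAQ describes this as the "redirection and reflection" case: the server sees the client's real source address, answers it directly on the shared segment, and the client discards a SYN/ACK that did not come from the address it connected to, so the state on the PF host never leaves SYN_SENT. The usual remedy is to add a nat rule so the server's replies are forced back through the PF host. The fragment below uses the pre-OpenBSD-4.7 syntax that FreeBSD 7.2's pf speaks, and it assumes the interface, subnet and addresses from the post; the variable names (int_if, int_net, server) are this example's own.

```pf
# Added example: rdr for a client on the same subnet as the server.
# Names and addresses are assumed from the original post; not the poster's pf.conf.
int_if  = "em0"
int_net = "192.168.128.0/24"
pf_host = "192.168.128.170"
server  = "192.168.128.102"

# Connections to the PF host on port 84 (ctf) are redirected to the server on port 83.
rdr on $int_if proto tcp from $int_net to $pf_host port 84 -> $server port 83

# Do not source-NAT traffic the PF host itself sends into the subnet.
no nat on $int_if proto tcp from $int_if to $int_net

# Rewrite the source of the redirected connection to the PF host's address, so the
# server replies to the PF host rather than straight to the client on the shared segment.
nat on $int_if proto tcp from $int_net to $server port 83 -> $int_if

# Filter: both the inbound SYN and the translated outbound SYN must be passed, since the
# packet leaves the PF host on the same interface it arrived on.
pass in  on $int_if proto tcp from $int_net to $server port 83 flags S/SA keep state
pass out on $int_if proto tcp from $int_net to $server port 83 flags S/SA keep state
```

Two practical checks before reloading: the PF host must actually forward packets (net.inet.ip.forwarding=1 in sysctl(8), since the redirected packet re-exits em0), and `pfctl -nf /etc/pf.conf` parses the file without loading it. After a test connection, `pfctl -ss` should show the redirected entry with the server side in ESTABLISHED rather than CLOSED.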