Date: Tue, 04 Nov 2008 16:34:00 +0100
From: Bastien Semene <bsemene@cyanide-studio.com>
To: freebsd-pf@freebsd.org
Subject: can't add a port forwarding
Message-ID: <49106B68.2060007@cyanide-studio.com>

Hi everyone,

I'm currently facing a weird problem. I have a pf box acting as a gateway for some services and want to add a port forwarding for https.

So I added the following rule:

    rdr pass on $ext_if proto tcp from any to any port 443 -> $atlas_ip

// variables are correct since I have a similar rule for port 80.

The "pfctl -s nat" shows this:

    nat on bge0 inet from 10.1.8.1 to any -> "external_interface_ip"
    rdr pass on bge0 inet proto tcp from any to any port = http -> 10.1.8.1
    rdr pass on bge0 inet proto tcp from any to any port = https -> 10.1.8.1

An Nmap from outside shows this:

    # nmap -P0 -p80,443,17900 "external_interface_ip"

    Starting Nmap 4.20 ( http://insecure.org ) at 2008-11-04 16:22 CET
    Interesting ports on "external_interface_ip":
    PORT      STATE    SERVICE
    80/tcp    open     http
    443/tcp   closed   https
    17900/tcp filtered unknown

I tried reloading the pf rules with "pfctl -F all -f /etc/pf.conf" and restarting the machine, but nothing changed. The securelevel is also at -1, so pf should take the changes into account. And of course the destination https server receives nothing on the https port.

http and the preconfigured nat/forwards work perfectly.

I tried commenting out the "scrub in all" option, but because the rdr line doesn't seem to be affected, I'm not sure this one is.

If someone has an idea or a direction to follow, I'll take every piece of thought.

Thanks all.