Date: Tue, 23 Dec 2014 07:18:07 +1100 From: Stephen Hocking <stephen.hocking@gmail.com> To: krad <kraduk@gmail.com> Cc: hackers@freebsd.org Subject: Re: Fun with PF & redirection Message-ID: <CA%2BxzKjCi0Qwcu2BM4WYGHqGha6EfBNnkJGF-Jng5RkyqnHbLWg@mail.gmail.com> In-Reply-To: <CALfReyc2miVm5Wnh_=OADfx0wLdw0JsHrwwKkbEu=HuD0qX5Pw@mail.gmail.com> References: <CA%2BxzKjDzVXJomaYzF3ju1cxEchTVw7NN=OtpSoxeEYdr6AHPAA@mail.gmail.com> <CALfReyc2miVm5Wnh_=OADfx0wLdw0JsHrwwKkbEu=HuD0qX5Pw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Spot on! It turns out the issue was that the port ranges need to be in ascending order, as you suggested. I now have a small box which is capable of driving Nessus to tears. On Mon, Dec 22, 2014 at 11:48 PM, krad <kraduk@gmail.com> wrote: > should that be 5044:65334 rather than 65334:5044? > also make sure you are not filtering ports 5044-65334 and that the $spoof_port > isnt filtered > > On 21 December 2014 at 20:40, Stephen Hocking <stephen.hocking@gmail.com> > wrote: > >> Hi all, >> >> I'm using PF on a 10.1 box, and am trying to redirect a range of ports to >> a >> single port, with a rule like this: >> >> rdr on $ext_if proto tcp from any to any port 65334:5044 -> $spoof_host >> port $spoof_port >> >> spoof_host has been set to 127.0.0.1. >> >> This does not seem to work. Any ideas? >> >> >> Stephen >> _______________________________________________ >> freebsd-hackers@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org >> " >> > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BxzKjCi0Qwcu2BM4WYGHqGha6EfBNnkJGF-Jng5RkyqnHbLWg>