Date: Sun, 19 Aug 2007 10:21:16 +0100
From: "Greg Hennessy" <Greg.Hennessy@nviz.net>
To: "'David N'" <davidn04@gmail.com>, <freebsd-pf@freebsd.org>
Subject: RE: Port Forwarding to different address
Message-ID: <000b01c7e242$4b76bc20$e2643460$@Hennessy@nviz.net>
In-Reply-To: <4d7dd86f0708182138x49da1b49le12461fbae2b6298@mail.gmail.com>
References: <4d7dd86f0708182138x49da1b49le12461fbae2b6298@mail.gmail.com>

[snip]
> scrub in all
>
> nat on $ext_if from $int_net to any -> ($ext_if)
>
> rdr on $ext_if pro to tcp from any to any port 22011 -> 192.168.1.10
> port 22
>

Add block log all here

> pass in all
> pass out all

Replace these with explicitly coded ingress and egress rules using 'keep
state flags S/SA'.

In addition use tcpdump on the ingress and egress interfaces to determine if
the redirect is working and to determine if the flow is transiting both
interfaces.

Greg

>
> ---- Snip
>
> I've tried it with the same port, e.g.
> rdr on $ext_if proto tcp from any to any port 22 -> 192.168.1.10 port
> 22
> that works.
>
> But with the original rule I do
> ssh -p 22011 example.net
> ssh: connect to host example.net port 22011: Connection refused
>
> I've tried
> rdr on $ext_if pro to tcp from any to $ext_if port 22011 ->
> 192.168.1.10 port 22
> with no luck as well
>
> I have
> net.inet.ip.forwarding: 1
>
> I'm not quite sure what else to do.
>
> Regards
> David N
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"