From owner-freebsd-pf@FreeBSD.ORG Tue Jan 23 19:51:27 2007
From: "Isaac Grover" <isaac.grover@gmail.com>
To: freebsd-pf@freebsd.org
Date: Tue, 23 Jan 2007 12:23:26 -0600
Subject: Incoming ssh doesn't quite work
List-Id: "Technical discussion and general questions about packet filter (pf)"

Good afternoon,

I have a FreeBSD 6.1 box providing authentication services for a local wireless hotspot. "ext_if" (xl2) connects to the DSL modem, "wireless_if" (xl1) connects to the wireless router.
Outbound http and https work just fine, but outbound ssh and inbound ssh don't work at all. Port forwarding on the DSL modem has been enabled, and I can see the inbound SSH requests on ext_if, sshd is actively listening on the required port, but the sshd logs say about connection attempts. Is there something else that needs to be configured in pf.conf for inbound ssh to function correctly?

---8<---
ext_if="xl2"
ext_addr="172.16.1.33"
wireless_if="xl1"
wireless_net="192.168.100.0/24"
proxy_addr="192.168.100.1"

nat on $ext_if from $wireless_net to any port { 22, 443 } -> $ext_if
rdr on $wireless_if inet proto tcp from any to any port 80 -> $proxy_addr port 3080
rdr on $ext_if proto tcp from any to $ext_if port { 22, 80 } -> ($ext_if)

pass in on $wireless_if inet proto tcp from $wireless_net to any port { 22, 25, 110, 443, 3080 } keep state
pass in on $ext_if inet proto tcp from any to $ext_addr port { 22, 80 } flags S/SA synproxy state
pass out on $wireless_if inet proto tcp from $wireless_net to any port { 22, 25, 110, 443, 3080 } keep state
pass out on $ext_if inet proto tcp from any to any port { 22, 80 } flags S/SA synproxy state
---8<---

Thank you,

--
Isaac Grover, Owner
Quality Computer Services of River Falls, Wisconsin
Affordable I. T. Consulting, Web Design, and Web Hosting.
Commercial and Residential Inquiries Welcomed.
Web: http://www.qcs-rf.com
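A diagnostic variant of the ruleset posted above, added here as an example rather than taken from the poster's configuration: it keeps the same macros and translation rules but adds an explicit `block log all` default and `log` on the two ssh rules, so every inbound 22/tcp packet that pf passes or drops is written to pflog0 and the pass rules' hit counters can be read. The `set skip on lo0` line and the default deny are assumptions; the original ruleset has no block rule at all, so any traffic it was passing implicitly (UDP DNS, ICMP) needs its own pass rule before this variant is used on a live hotspot.

```pf
# Added example: the poster's pf.conf with logging for troubleshooting inbound ssh.
ext_if="xl2"
ext_addr="172.16.1.33"
wireless_if="xl1"
wireless_net="192.168.100.0/24"
proxy_addr="192.168.100.1"

# Assumption: nothing on loopback needs filtering.
set skip on lo0

# Translation rules, unchanged from the posted ruleset.
nat on $ext_if from $wireless_net to any port { 22, 443 } -> $ext_if
rdr on $wireless_if inet proto tcp from any to any port 80 -> $proxy_addr port 3080
rdr on $ext_if proto tcp from any to $ext_if port { 22, 80 } -> ($ext_if)

# Explicit default deny. pf evaluates filter rules last-match-wins, so this
# only catches packets no later pass rule claims, and "log" sends each one to
# pflog0. Without it unmatched packets pass silently and leave no trace.
block log all

# Wireless clients out to the Internet (hotspot side), as posted.
pass in on $wireless_if inet proto tcp from $wireless_net to any port { 22, 25, 110, 443, 3080 } keep state
pass out on $wireless_if inet proto tcp from $wireless_net to any port { 22, 25, 110, 443, 3080 } keep state

# ssh/http from the DSL side: "log" added so each matching SYN appears on
# pflog0 next to the rule number that passed it.
pass in log on $ext_if inet proto tcp from any to $ext_addr port { 22, 80 } flags S/SA synproxy state
pass out log on $ext_if inet proto tcp from any to any port { 22, 80 } flags S/SA synproxy state
```

After loading it with `pfctl -f /etc/pf.conf`, `tcpdump -n -e -ttt -i pflog0 port 22` shows each logged ssh packet with the interface, direction, and rule number that handled it, and `pfctl -vsr` prints per-rule packet and state counters, which tells you whether the inbound SYNs seen on ext_if are reaching the pass rule or being caught by the default block.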