Date: Wed, 29 Mar 2017 18:33:32 -0400
From: David Mehler <dave.mehler@gmail.com>
To: Kristof Provost <kristof@sigsegv.be>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Two pf questions
Message-ID: <CAPORhP4nC=NyGAakFyJ2h7vwcJA3gS21sHvr9aMOu3+aKbbA0Q@mail.gmail.com>
In-Reply-To: <AE749152-1207-469C-B0B3-84515187ED8C@sigsegv.be>
References: <CAPORhP4JA_Jak7fL8Ko7wwoxGob=qLDzPLxtTgekoumqQJEGmA@mail.gmail.com> <AE749152-1207-469C-B0B3-84515187ED8C@sigsegv.be>
Hello,

Thank you. With a pass rule I was able to get it working. Thank you very much.

Dave.

Here's my config:

# external redirect
rdr on $ext_if inet proto tcp from any to any port 2220 -> $jssh1 port 2220
# internal nat reflection
rdr on $int_if inet proto tcp from any to any port 2220 -> $jssh1 port 2220
# pass rules
# external pass rule
pass in inet proto tcp from any to $jssh1 port 2220 flags S/SA keep state (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
# internal pass rule
pass inet proto tcp from any to $jssh1 port 2220 flags S/SA keep state

Thanks again.
Dave.

On 3/29/17, Kristof Provost <kristof@sigsegv.be> wrote:
> On 27 Mar 2017, at 16:37, David Mehler wrote:
>> My second question is about what I think is called NAT reflection. I've got a
>> jail running a service on port 8000. I've got external redirect rules
>> and pass rules passing in the traffic. The problem is I need to
>> get access to that machine on port 8000 from the host machine.
>>
>> I try something like ssh user@xxx.xxx.xxx.xxx -p 8000
>>
>
> Presumably you've got a rule like this:
> rdr on $ext_if proto tcp from any to any port 8000 -> $jail port 80
>
> Add something like
> rdr on $int_if proto tcp from $localnet to ($ext_if) port 8000 -> $jail
> port 80
>
> Regards,
> Kristof
>
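For readers landing on this thread from a search: the fragment above omits the pieces a pf.conf needs before it will load (macro definitions, the `<bruteforce>` table, and a rule that actually drops the addresses the overload clause collects). The following is an added, complete pf.conf built around the reflection rule Kristof describes; it is not the poster's configuration. The interface names, the 192.0.2.0/24 LAN prefix and the 10.0.0.10 jail address are constructed placeholders, and the source-restricted `$localnet` on the reflection and internal pass rules is a hardening choice of this example, not something the thread requires.

```pf
# Assumed macros (constructed for this example): adjust to the host.
ext_if   = "em0"            # interface carrying the public address
int_if   = "lo1"            # cloned loopback the jail is attached to
localnet = "192.0.2.0/24"   # LAN clients allowed to use reflection (documentation prefix)
jssh1    = "10.0.0.10"      # jail running sshd on port 2220

# Table filled by the overload clause below; persist keeps it across reloads.
table <bruteforce> persist

# Drop offenders before any rdr/pass rule sees them. 'quick' stops evaluation here.
block in quick from <bruteforce>

# External redirect: connections to the public address, port 2220, land on the
# jail's sshd. ($ext_if) in parentheses is re-evaluated at run time, so a
# DHCP-assigned external address keeps working after it changes.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 2220 -> $jssh1 port 2220

# NAT reflection: LAN clients that connect to the public address get the same
# redirection instead of hitting the host itself.
rdr on $int_if inet proto tcp from $localnet to ($ext_if) port 2220 -> $jssh1 port 2220

# Filter rules are evaluated after translation, so they match the jail address.
# max-src-conn-rate 5/3: more than 5 new connections in 3 seconds from one source
# puts that source into <bruteforce>; 'flush global' kills its existing states too.
pass in on $ext_if inet proto tcp from any to $jssh1 port 2220 flags S/SA keep state \
    (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)

# Internal clients are not rate-limited here, but are restricted to $localnet.
pass in on $int_if inet proto tcp from $localnet to $jssh1 port 2220 flags S/SA keep state
```

Check it with `pfctl -nf /etc/pf.conf` before loading (`-n` parses without applying), confirm the translation rules with `pfctl -sn`, and inspect or clear the blocked addresses with `pfctl -t bruteforce -T show` and `pfctl -t bruteforce -T flush`. One caveat for the reflection rule: it is enough when the host routes between the clients and the jail, as with a jail on a cloned loopback. If the LAN clients and the target share a broadcast domain, the target's replies go directly to the client and bypass pf, so the connection never completes; the standard fix is an additional source-NAT rule on the internal interface, `nat on $int_if inet proto tcp from $localnet to $jssh1 port 2220 -> ($int_if)`, so that replies are forced back through the firewall.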