Message-ID: <4d7dd86f0708222110r591877f7xb6c981f0d0bacf6f@mail.gmail.com>
Date: Thu, 23 Aug 2007 14:10:42 +1000
From: "David N"
To: "Greg Hennessy"
Cc: freebsd-pf@freebsd.org
Subject: Re: Port Forwarding to different address

On 19/08/07, Greg Hennessy wrote:
> [snip]
>
> > scrub in all
> >
> > nat on $ext_if from $int_net to any -> ($ext_if)
> >
> > rdr on $ext_if proto tcp from any to any port 22011 -> 192.168.1.10 port 22
> >
>
> Add
>
> block log all
> here
>
> > pass in all
> > pass out all
>
> Replace these with explicitly coded ingress and egress rules using 'keep
> state flags S/SA'.
>
> In addition use tcpdump on the ingress and egress interfaces to determine if
> the redirect is working and to determine if the flow is transiting both
> interfaces.
>
>
> Greg
>
> >
> > ---- Snip
> >
> > I've tried it with the same port, eg.
> > rdr on $ext_if proto tcp from any to any port 22 -> 192.168.1.10 port 22
> > that works.
> >
> > But with the original rule I do
> > ssh -p 22011 example.net
> > ssh: connect to host example.net port 22011: Connection refused
> >
> > I've tried
> > rdr on $ext_if proto tcp from any to $ext_if port 22011 -> 192.168.1.10 port 22
> > with no luck as well
> >
> > I have
> > net.inet.ip.forwarding: 1
> >
> > I'm not quite sure what else to do.
> >
> > Regards
> > David N
>

Thanks, did a block log all and from the remote side it still wouldn't let me
connect, but didn't get a log either =)

The remote host I was trying to connect from was blocking all outgoing
connections. Changed hosts and all is working.

Regards
David N