Date: Mon, 28 Mar 2016 16:23:06 -0400
From: "Littlefield, Tyler" <tyler@tysdomain.com>
To: freebsd-questions@freebsd.org
Subject: question re: PF and forwarding
Message-ID: <56F992AA.7070409@tysdomain.com>

All,
sorry for the multiple emails recently. I'm working to get my server set up here so I can begin doing some dev on BHyve once that is all finalized. I am jailing my services like minidlna samba and unbound and am using PF to forward those. For whatever reason I do not see the ports I specify as open ports, but the individual addresses show them when I connect from within my server. For example, I can telnet 192.168.0.2 445 and that works fine in terms of establishing a connection.

I was hoping that someone might see any connection here. Here is my pf.conf.

***
if="igb0"
addr="10.21.96.128"
samba_addr="192.168.0.2"
dlna_addr="192.168.0.3"
unbound_addr="192.168.0.4"
tcp_services="{ssh 53 netbios-ns netbios-dgm netbios-ssn microsoft-ds}"
udp_services="{53 netbios-ns netbios-dgm netbios-ssn microsoft-ds}"

set skip on lo
set loginterface $if
scrub in all

#allow jails through
nat on $if inet from $samba_addr to any tag jail_samba -> $addr
nat on $if inet from $dlna_addr to any tag jail_dlna -> $addr
nat on $if inet from $unbound_addr to any tag jail_unbound -> $addr

#portforward to jails.
#unbound
rdr pass on $if proto tcp from any to $addr port 53 -> $unbound_addr port 53
rdr pass on $if proto udp from any to $addr port 53 -> $unbound_addr port 53
#samba
rdr pass on $if proto tcp from any to $addr port 137 -> $samba_addr port 137
rdr pass on $if proto tcp from any to $addr port 138 -> $samba_addr port 138
rdr pass on $if proto tcp from any to $addr port 139 -> $samba_addr port 139
rdr pass on $if proto tcp from any to $addr port 445 -> $samba_addr port 445
rdr pass on $if proto udp from any to $addr port 137 -> $samba_addr port 137
rdr pass on $if proto udp from any to $addr port 138 -> $samba_addr port 138
rdr pass on $if proto udp from any to $addr port 139 -> $samba_addr port 139
rdr pass on $if proto udp from any to $addr port 445 -> $samba_addr port 445

#rules
pass quick on lo1
pass from igb0:network to any keep state

#default policy: deny
antispoof quick for { $if lo }
block in all

#accept TCP ports.
pass in on $if proto tcp from any to any port $tcp_services
pass in on $if proto udp from any to any port $udp_services
***

--
Take care,
Ty
Twitter: @sorressean
Web: https://tysdomain.com
Pubkey: https://tysdomain.com/files/pubkey.asc
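
As an added example (not part of the original message), the Python below expands the macros of the pf.conf above and reports which jail address each rdr rule forwards to, plus any jail that has a nat rule but no rdr rule. It parses only the rule shapes used in this file; the name audit and the regular expressions are assumptions of this example.

```python
import re

# Macros and translation rules copied from the pf.conf in the message above.
PF_CONF = """
if="igb0"
addr="10.21.96.128"
samba_addr="192.168.0.2"
dlna_addr="192.168.0.3"
unbound_addr="192.168.0.4"
nat on $if inet from $samba_addr to any tag jail_samba -> $addr
nat on $if inet from $dlna_addr to any tag jail_dlna -> $addr
nat on $if inet from $unbound_addr to any tag jail_unbound -> $addr
rdr pass on $if proto tcp from any to $addr port 53 -> $unbound_addr port 53
rdr pass on $if proto udp from any to $addr port 53 -> $unbound_addr port 53
rdr pass on $if proto tcp from any to $addr port 137 -> $samba_addr port 137
rdr pass on $if proto tcp from any to $addr port 138 -> $samba_addr port 138
rdr pass on $if proto tcp from any to $addr port 139 -> $samba_addr port 139
rdr pass on $if proto tcp from any to $addr port 445 -> $samba_addr port 445
rdr pass on $if proto udp from any to $addr port 137 -> $samba_addr port 137
rdr pass on $if proto udp from any to $addr port 138 -> $samba_addr port 138
rdr pass on $if proto udp from any to $addr port 139 -> $samba_addr port 139
rdr pass on $if proto udp from any to $addr port 445 -> $samba_addr port 445
"""

MACRO = re.compile(r'^(\w+)="([^"]*)"$')
NAT = re.compile(r"^nat on (\S+) inet from (\S+) to any tag (\w+) -> (\S+)$")
RDR = re.compile(r"^rdr pass on (\S+) proto (\w+) from any to (\S+) port (\d+) -> (\S+) port (\d+)$")

def audit(conf):
    """Return ({jail address: sorted (proto, port) forwards}, [NAT-only jail addresses])."""
    macros, forwards, natted = {}, {}, []
    for raw in conf.splitlines():
        line = raw.split("#")[0].strip()
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        # Expand $macro references before matching the rule, as pf does.
        line = re.sub(r"\$(\w+)", lambda r: macros[r.group(1)], line)
        if (m := NAT.match(line)):
            natted.append(m.group(2))       # source address of the jail
        elif (m := RDR.match(line)):
            forwards.setdefault(m.group(5), []).append((m.group(2), int(m.group(4))))
    nat_only = [a for a in natted if a not in forwards]
    return {a: sorted(p) for a, p in forwards.items()}, nat_only

if __name__ == "__main__":
    fw, nat_only = audit(PF_CONF)
    print(fw, "NAT without rdr:", nat_only)
```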