Date: Mon, 28 Mar 2016 16:23:06 -0400 From: "Littlefield, Tyler" <tyler@tysdomain.com> To: freebsd-questions@freebsd.org Subject: question re: PF and forwarding Message-ID: <56F992AA.7070409@tysdomain.com>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All,
sorry for the multiple emails recently. I'm working to get my server
set up here so I can begin doing some dev on BHyve once that is all
finalized.
I am jailing my services like minidlna samba and unbound and am using
PF to forward those.
For whatever reason I do not see the ports I specify as open ports,
but the individual addresses show them when I connect from within my
server. For example, I can telnet 192.168.0.2 445 and that works fine
in terms of establishing a connection. I was hoping that someone might
see any connection here. Here is my pf.conf.
***
if="igb0"
addr="10.21.96.128"
samba_addr="192.168.0.2"
dlna_addr="192.168.0.3"
unbound_addr="192.168.0.4"
tcp_services="{ssh 53 netbios-ns netbios-dgm netbios-ssn microsoft-ds}"
udp_services="{53 netbios-ns netbios-dgm netbios-ssn microsoft-ds}"
set skip on lo
set loginterface $if
scrub in all
#allow jails through
nat on $if inet from $samba_addr to any tag jail_samba -> $addr
nat on $if inet from $dlna_addr to any tag jail_dlna -> $addr
nat on $if inet from $unbound_addr to any tag jail_unbound -> $addr
#portforward to jails.
#unbound
rdr pass on $if proto tcp from any to $addr port 53 -> $unbound_addr
port 53
rdr pass on $if proto udp from any to $addr port 53 -> $unbound_addr
port 53
#samba
rdr pass on $if proto tcp from any to $addr port 137 -> $samba_addr
port 137
rdr pass on $if proto tcp from any to $addr port 138 -> $samba_addr
port 138
rdr pass on $if proto tcp from any to $addr port 139 -> $samba_addr
port 139
rdr pass on $if proto tcp from any to $addr port 445 -> $samba_addr
port 445
rdr pass on $if proto udp from any to $addr port 137 -> $samba_addr
port 137
rdr pass on $if proto udp from any to $addr port 138 -> $samba_addr
port 138
rdr pass on $if proto udp from any to $addr port 139 -> $samba_addr
port 139
rdr pass on $if proto udp from any to $addr port 445 -> $samba_addr
port 445
#rules
pass quick on lo1
pass from igb0:network to any keep state
#default policy: deny
antispoof quick for { $if lo }
block in all
#accept TCP ports.
pass in on $if proto tcp from any to any port $tcp_services
pass in on $if proto udp from any to any port $udp_services
***
- --
Take care,
Ty
Twitter: @sorressean
Web: https://tysdomain.com
Pubkey: https://tysdomain.com/files/pubkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJW+ZKqAAoJEAdP60+BYxejccoIAJXdhyvB15PtXyBeA7K0e5tR
MIP6SVWmdWpv/9AxPAodPvHgTiyJF4A50VsJ9Tcnq8v0gnulIKXytlBHwuJe0goI
b8vJT+Sqq6d6ystnhGddh1npgHbwD8LwP5s7AA6LIhFxq84GIprC22+HCi/tTHXF
AGX408PNJbNXXwA5F/tzBQH2uFXUA28d6NKkeOjrKkIn5ZwCB57ehmDO/3yNhZHT
ONvzK83QbyYU2q+BRYIkqPNzpXIQgPGIULMHj57jymOZqdjDd6llSvmWdKWkhv9d
BIRDcd513n+GjYc4fCzwTh110EOhC47IbBTK09l3SCgcvbztTKx0m1vQvNQk73Y=
=Lvnv
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56F992AA.7070409>