Date:      Mon, 9 Jul 2007 08:58:06 -0300
From:      "Gilberto Villani Brito" <linux@giboia.org>
To:        "FreeBSD (PF)" <freebsd-pf@freebsd.org>
Subject:   Re: Simple NAT question
Message-ID:  <6e6841490707090458y4a7cf8f5rddb0f9b46bc547d6@mail.gmail.com>
In-Reply-To: <b024b3480707080510q598e4c16r98b917199d1ba80@mail.gmail.com>
References:  <b024b3480707080510q598e4c16r98b917199d1ba80@mail.gmail.com>

On 08/07/07, Morgan Reed <morgan.s.reed@gmail.com> wrote:
> I've got an issue with a simple NAT with pf.
>
> I've got two machines;
> the first (I will call m1) has 2 ethernet interfaces (I will call them
> m1.0 and m1.1)
> the second (I will call m2) has 1 ethernet interface (I will call it m2.0)
>
> m1.0 faces my LAN, m1.1 and m2.0 are on a separate, isolated segment.
>
> what I need to be able to do is to access the "outside world" from m2
> and be able to get to Ports 80, 443 and 3128 on m2 from my LAN by
> connecting to ports 80, 443 and 3128 on m1 and having traffic
> forwarded appropriately.
>
> m1.0 - 192.168.0.X/24 (DHCP assigned)
> m1.1 - 192.168.1.2/24
> m2.0 - 192.168.1.30/24
>
> /etc/pf.conf
> =========================================================
>
> ext_if="m1.0"
> int_if="m1.1"
>
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
>
> rdr pass on $ext_if proto tcp to port 80 -> 192.168.1.30 port 80
> rdr pass on $ext_if proto tcp to port 443 -> 192.168.1.30 port 443
> rdr pass on $ext_if proto tcp to port 3128 -> 192.168.1.30 port 3128
>
> pass in keep state
> pass out keep state
>
> =========================================================
>
> The current status is as follows;
> * I can ping m1.0 from m2
> * I can't ping any of the other addresses on the 192.168.0.0/24 network from m2
>
> - tcpdump'ing m1.1
> * Connecting to one of the forwarded ports on m1.0 I see nothing
> * Connecting from m2 to a host on the LAN I see the connections going
> out, but not coming back
>
> Your assistance is greatly appreciated.
>
> Morgan

Hi,
Try using this:

ext_if="m1.0"
int_if="m1.1"

rdr pass on $ext_if proto tcp to port 80 -> 192.168.1.30 port 80
rdr pass on $ext_if proto tcp to port 443 -> 192.168.1.30 port 443
rdr pass on $ext_if proto tcp to port 3128 -> 192.168.1.30 port 3128

nat on $ext_if from !($ext_if) to any -> ($ext_if:0)

pass in keep state
pass out keep state


-- 
Gilberto Villani Brito
System Administrator
Londrina - PR
Brazil
gilbertovb(a)gmail.com