Thread: Port Forwarding to different address




Port Forwarding to different address
2007-08-18 23:38:28
Hello,

FreeBSD 6.2

I've been at this for an entire day and am completely stumped. I'm trying to port forward from one port number to a different port number. I tried the normal port forwarding (same port number), that works. But when I try different ones it doesn't work.

I know about the reflection problem, so I'm testing this via another remote machine.

ext_if="ng0"
int_if="re0"
int_net="192.168.1.0/24"

scrub in all

nat on $ext_if from $int_net to any -> ($ext_if)

rdr on $ext_if proto tcp from any to any port 22011 -> 192.168.1.10 port 22

pass in all
pass out all

---- Snip

I've tried it with the same port, eg.
rdr on $ext_if proto tcp from any to any port 22 -> 192.168.1.10 port 22
that works.

But with the original rule I do
ssh -p 22011 example.net
ssh: connect to host example.net port 22011: Connection refused

I've tried
rdr on $ext_if proto tcp from any to $ext_if port 22011 -> 192.168.1.10 port 22
with no luck as well

I have
net.inet.ip.forwarding: 1

I'm not quite sure what else to do.

Regards
David N
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

RE: Port Forwarding to different address
United Kingdom
2007-08-19 04:21:16
[snip]

> scrub in all
> 
> nat on $ext_if from $int_net to any -> ($ext_if)
> 
> rdr on $ext_if proto tcp from any to any port 22011 -> 192.168.1.10 port 22
> 

Add 

	block log all 
here

> pass in all
> pass out all

Replace these with explicitly coded ingress and egress rules using 'keep state flags S/SA'.

In addition use tcpdump on the ingress and egress interfaces to determine if the redirect is working and to determine if the flow is transiting both interfaces.


Greg



> 
> ---- Snip
> 
> I've tried it with the same port, eg.
> rdr on $ext_if proto tcp from any to any port 22 -> 192.168.1.10 port 22
> that works.
> 
> But with the original rule I do
> ssh -p 22011 example.net
> ssh: connect to host example.net port 22011: Connection refused
>
> I've tried
> rdr on $ext_if proto tcp from any to $ext_if port 22011 -> 192.168.1.10 port 22
> with no luck as well
> 
> I have
> net.inet.ip.forwarding: 1
> 
> I'm not quite sure what else to do.
> 
> Regards
> David N
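Added example, not part of the original messages: one way the suggestions in the reply above could be written as a pf.conf for the posted setup. Interface names and addresses are from the original post; the `ssh_host` macro and the individual pass rules are assumptions.

```pf
# Added example: macros and addresses are taken from the original post;
# the pass rules are one assumed way to write "explicit" ingress/egress rules.
ext_if="ng0"
int_if="re0"
int_net="192.168.1.0/24"
ssh_host="192.168.1.10"   # hypothetical macro name for the rdr target

scrub in all

# Translation rules are evaluated before filter rules.
nat on $ext_if from $int_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 22011 -> $ssh_host port 22

# Default deny with logging: anything no later rule passes shows up on pflog0.
block log all
pass quick on lo0 all

# Ingress: the filter sees the packet after rdr has rewritten it, so match
# the translated destination (192.168.1.10 port 22), not external port 22011.
pass in on $ext_if proto tcp from any to $ssh_host port 22 flags S/SA keep state
# Egress towards the internal host on the inside interface.
pass out on $int_if proto tcp from any to $ssh_host port 22 flags S/SA keep state

# Outbound traffic from the internal network.
pass in on $int_if from $int_net to any keep state
pass out on $ext_if proto tcp all flags S/SA keep state
pass out on $ext_if proto { udp, icmp } all keep state

# Checks, run as root on the firewall while connecting from outside:
#   pfctl -nf /etc/pf.conf                 parse only, report syntax errors
#   tcpdump -n -i ng0 tcp port 22011       does the SYN reach the firewall?
#   tcpdump -n -i re0 host 192.168.1.10 and tcp port 22   is it forwarded?
#   tcpdump -n -e -ttt -i pflog0           what does "block log" catch?
#   pfctl -ss                              state entry for the redirect
```

If the first tcpdump shows no SYN arriving on ng0 and nothing appears on pflog0, the connection is being stopped before it reaches the firewall.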

Re: Port Forwarding to different address
2007-08-22 23:10:42
On 19/08/07, Greg Hennessy <Greg.Hennessynviz.net> wrote:
> [snip]
>
> > scrub in all
> >
> > nat on $ext_if from $int_net to any -> ($ext_if)
> >
> > rdr on $ext_if proto tcp from any to any port 22011 -> 192.168.1.10 port 22
> >
>
> Add
>
>         block log all
> here
>
> > pass in all
> > pass out all
>
> Replace these with explicitly coded ingress and egress rules using 'keep state flags S/SA'.
>
> In addition use tcpdump on the ingress and egress interfaces to determine if the redirect is working and to determine if the flow is transiting both interfaces.
>
>
> Greg
>
>
>
> >
> > ---- Snip
> >
> > I've tried it with the same port, eg.
> > rdr on $ext_if proto tcp from any to any port 22 -> 192.168.1.10 port 22
> > that works.
> >
> > But with the original rule I do
> > ssh -p 22011 example.net
> > ssh: connect to host example.net port 22011: Connection refused
> >
> > I've tried
> > rdr on $ext_if proto tcp from any to $ext_if port 22011 -> 192.168.1.10 port 22
> > with no luck as well
> >
> > I have
> > net.inet.ip.forwarding: 1
> >
> > I'm not quite sure what else to do.
> >
> > Regards
> > David N
>
>
>

Thanks, did a block log all and from the remote side it still wouldn't let me connect, but didn't get a log either =)
The remote host I was trying to connect from was blocking all outgoing connections.
Changed hosts and all is working

Regards
David N