[nycbug-talk] Is PF rdr broken in 6.2
okan at demirmen.com
Wed Jan 9 18:06:24 EST 2008
On Wed 2008.01.09 at 16:42 -0500, Rodrique Heron wrote:
> Okan Demirmen wrote:
>> On Wed 2008.01.09 at 16:22 -0500, Rodrique Heron wrote:
>>> I'm trying to accomplish a very simple redirect using PF on FreeBSD 6.2.
>>> I want to forward all incoming port 22 connections to a remote server,
>>> but can't get it to work. I have this in /etc/pf.conf
>>> rdr on em0 proto tcp from any to $host_ip port 22 -> $remote_server
>>> pass in quick all
>>> pass out quick all
>>> Forwarding is enabled (net.inet.ip.forwarding: 1) even though I don't
>>> think I need it, tcpdump shows traffic, but I'm not sure what to look
>>> Also, I have a jail on this server, if I enabled it and change the rdr
>>> rule to redirect to the jail address it works fine.
>>> Any ideas ?
>> where is $remote_server, network-wise?
> $remote_server is in the same broadcast domain if that's what you mean.
> Both servers are plugged into the same stack.
oh of course :) if i had read your macros, it would have been obvious...
in any case, you can't do what you are trying to do, rdr to another
host not behind pf(4) - rdr is a translation.
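
Added illustration, not part of the original message: a small Python trace of the TCP handshake through the `rdr` rule, showing why the jail target works and the same-segment server does not. The addresses are constructed documentation-range values, and the model assumes the remote server replies straight to the client instead of routing back through the PF host.

```python
# Constructed addresses (RFC 5737 ranges); none of these come from the thread.
CLIENT, PF_HOST, JAIL, REMOTE = "198.51.100.7", "192.0.2.10", "192.0.2.11", "192.0.2.20"

def rdr_handshake(target, reply_traverses_pf):
    """Trace SYN / SYN-ACK through 'rdr ... to PF_HOST port 22 -> target'.

    Returns (client_accepts_reply, reply_source_seen_by_client).
    """
    states = {}  # simplified pf state table: translated 4-tuple -> original dst
    syn = {"src": CLIENT, "sport": 50000, "dst": PF_HOST, "dport": 22}

    # Inbound on the PF host: rdr rewrites only the destination and keeps state.
    fwd = dict(syn, dst=target)
    states[(fwd["src"], fwd["sport"], fwd["dst"], fwd["dport"])] = syn["dst"]

    # The target answers the source address it saw, which is the real client.
    reply = {"src": fwd["dst"], "sport": fwd["dport"],
             "dst": fwd["src"], "dport": fwd["sport"]}

    # The reverse translation can only happen if the reply passes through pf.
    if reply_traverses_pf:
        key = (reply["dst"], reply["dport"], reply["src"], reply["sport"])
        if key in states:
            reply["src"] = states[key]

    # The client only accepts a SYN-ACK that mirrors the 4-tuple of its SYN.
    accepted = (reply["src"], reply["sport"], reply["dst"], reply["dport"]) == \
               (syn["dst"], syn["dport"], syn["src"], syn["sport"])
    return accepted, reply["src"]

if __name__ == "__main__":
    # Jail on the PF host: replies leave through pf and are translated back.
    print("jail  :", rdr_handshake(JAIL, reply_traverses_pf=True))
    # Server on the same segment: the reply bypasses pf and arrives from the
    # wrong source address, so the client has no matching connection.
    print("remote:", rdr_handshake(REMOTE, reply_traverses_pf=False))
```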