[nycbug-talk] Is PF rdr broken in 6.2

Steven Kreuzer skreuzer at exit2shell.com
Wed Jan 9 17:12:05 EST 2008


On Wed, Jan 09, 2008 at 04:42:59PM -0500, Rodrique Heron wrote:
> 
> 
> Okan Demirmen wrote:
> > On Wed 2008.01.09 at 16:22 -0500, Rodrique Heron wrote:
> >   
> >> Guys-
> >>
> >> I'm trying to accomplish a very simple redirect using PF on FreeBSD 
> >> 6.2.  I want to forward all incoming port 22 connections to a remote 
> >> server, but can't get it to work. I have this in /etc/pf.conf
> >>
> >> host_ip="192.168.2.4"
> >> remote_server="192.168.2.6"
> >>
> >> rdr on em0 proto tcp from any to $host_ip port 22 -> $remote_server
> >>
> >> pass in quick all
> >> pass out quick all
> >>
> >> Forwarding is enabled (net.inet.ip.forwarding: 1) even though I don't 
> >> think I need it. tcpdump shows traffic, but I'm not sure what to look for.
> >>
> >> Also, I have a jail on this server. If I enable it and change the rdr 
> >> rule to redirect to the jail address, it works fine.
> >>
> >>
> >> Any ideas?
> >>     
> >
> > where is $remote_server, network-wise?
> >   
> 
> $remote_server is in the same broadcast domain if that's what you mean. 
> Both servers are plugged into the same stack.
> 

Stupid question: Are you sure sshd is listening on 192.168.2.6, and there
is no firewall rule on 192.168.2.6 blocking traffic from 192.168.2.4?

-- 
Steven Kreuzer
http://www.exit2shell.com/~skreuzer


