[nycbug-talk] Is PF rdr broken in 6.2
Rodrique Heron
rodrique_heron at baruch.cuny.edu
Wed Jan 9 17:14:34 EST 2008
Steven Kreuzer wrote:
> On Wed, Jan 09, 2008 at 04:42:59PM -0500, Rodrique Heron wrote:
>
>> Okan Demirmen wrote:
>>
>>> On Wed 2008.01.09 at 16:22 -0500, Rodrique Heron wrote:
>>>
>>>
>>>> Guys-
>>>>
>>>> I'm trying to accomplish a very simple redirect using PF on FreeBSD
>>>> 6.2. I want to forward all incoming port 22 connections to a remote
>>>> server, but can't get it to work. I have this in /etc/pf.conf
>>>>
>>>> host_ip="192.168.2.4"
>>>> remote_server="192.168.2.6"
>>>>
>>>> rdr on em0 proto tcp from any to $host_ip port 22 -> $remote_server
>>>>
>>>> pass in quick all
>>>> pass out quick all
>>>>
>>>> Forwarding is enabled (net.inet.ip.forwarding: 1), even though I don't
>>>> think I need it; tcpdump shows traffic, but I'm not sure what to look for.
>>>>
>>>> Also, I have a jail on this server; if I enable it and change the rdr
>>>> rule to redirect to the jail address, it works fine.
>>>>
>>>>
>>>> Any ideas?
>>>>
>>>>
>>> where is $remote_server, network-wise?
>>>
>>>
>> $remote_server is in the same broadcast domain if that's what you mean.
>> Both servers are plugged into the same stack.
>>
>>
>
> Stupid question: Are you sure sshd is listening on 192.168.2.6, and there
> is no firewall rule on 192.168.2.6 blocking traffic from 192.168.2.4?
>
Positively sure, I can ssh from 192.168.2.4 to 192.168.2.6 with no problems.