NAT question (hair pulling will begin in 3 minutes)
Phil Buckley
phil at 1918.com
Fri Feb 8 16:16:22 EST 2002
Well, I installed a nice new copy of OpenBSD 3.0 as a firewall/dhcp box yesterday. Everything is working well except for one NAT redirect...
I can't get web traffic to push through to the internal/LAN webserver... any help is appreciated
my /etc/nat.conf only has 2 lines, so there isn't much going on
(ep0 is the external Ethernet interface, rl0 is the internal one)
nat on ep0 from 192.168.1.0/24 to any -> 67.105.157.190
rdr on ep0 from any to any port 80 -> 192.168.1.80 port 80
Just in case I've screwed up my packet filtering I'll include it here...
(/etc/pf.conf)
# Clean up fragmented and abnormal packets
scrub in all
# don't allow anyone to spoof non-routeable addresses
#block in quick on ep0 inet from { 127.0.0.0/8, 192.168.0.0/16, \
#172.16.0.0/12, 10.0.0.0/8 } to any
#block out quick on ep0 inet from any to { 127.0.0.0/8, 192.168.0.0/16, \
#172.16.0.0/12, 10.0.0.0/8 }
# only allow our machines to connect via ssh
#pass in quick on ep0 inet proto tcp from 1.1.1.0/24 to any port = 22
# allow anyone to use ssh, http and https
pass in quick on ep0 inet proto tcp from any to any port = 22 flags S/SA
pass in quick on ep0 inet proto tcp from any to any port = 80 flags S/SA
pass in quick on ep0 inet proto tcp from any to any port = 443 flags S/SA
# finally lock the rest down with a default deny
block in quick on ep0 from any to any
# and let out-going traffic out and maintain state on established connections
pass out on ep0 from any to any keep state
# pass all packets in and out (these are the implicit last two rules)
#pass in all
#pass out all
Thanks in advance...
Phil
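An added example, not part of Phil's message: a small checker that reads the nat.conf and pf.conf lines quoted above (embedded here as sample input) and walks the inbound filter the way pf does. The point it makes is that pf applies rdr before filtering, so the filter rules see the translated destination (192.168.1.80), and a pass-in rule has to cover that internal address and port, in order, before the quick block. The regexes only understand the rule shapes used in this post, and the corrected variant with keep state is my own suggestion, not something from the thread.

```python
"""Static sanity check of an OpenBSD 3.0-era pf.conf / nat.conf pair.

Added example, not from the original post. Sample input below is the
poster's config, embedded as constructed strings. pf translates (rdr)
inbound packets before it filters them, so the filter must pass traffic
to the internal target address, not the public one.
"""
import ipaddress
import re

NAT_CONF = """\
nat on ep0 from 192.168.1.0/24 to any -> 67.105.157.190
rdr on ep0 from any to any port 80 -> 192.168.1.80 port 80
"""

PF_CONF = """\
scrub in all
pass in quick on ep0 inet proto tcp from any to any port = 22 flags S/SA
pass in quick on ep0 inet proto tcp from any to any port = 80 flags S/SA
pass in quick on ep0 inet proto tcp from any to any port = 443 flags S/SA
block in quick on ep0 from any to any
pass out on ep0 from any to any keep state
"""

# Assumed hardened variant (my suggestion): track state on inbound passes too.
PF_CONF_STATEFUL = PF_CONF.replace("flags S/SA", "flags S/SA keep state")

RDR_RE = re.compile(
    r"rdr on (?P<iface>\S+) from (?P<src>\S+) to (?P<dst>\S+) port (?P<port>\d+)"
    r" -> (?P<target>\S+) port (?P<tport>\d+)")
NAT_RE = re.compile(r"nat on (?P<iface>\S+) from (?P<src>\S+) to \S+ -> \S+")
FILTER_RE = re.compile(
    r"(?P<action>pass|block) in (?P<quick>quick )?on (?P<iface>\S+)"
    r"(?: inet)?(?: proto (?P<proto>\S+))? from (?P<src>\S+) to (?P<dst>\S+)"
    r"(?: port = (?P<port>\d+))?(?: flags \S+)?(?P<state> keep state)?")


def _covers(spec, addr):
    """True if a pf address spec ('any', host or CIDR) contains addr."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def parse_filter(text):
    """Return inbound filter rules (pass/block in) as dicts, in file order."""
    rules = []
    for line in text.splitlines():
        m = FILTER_RE.match(line.split("#", 1)[0].strip())
        if m:
            rules.append(m.groupdict())
    return rules


def matching_rule(rules, iface, addr, port, proto="tcp"):
    """Rule pf would apply to an inbound TCP packet to addr:port on iface.
    Rules are evaluated in order; a 'quick' match ends evaluation,
    otherwise the last matching rule wins."""
    winner = None
    for r in rules:
        if r["iface"] != iface:
            continue
        if r["proto"] and r["proto"] != proto:
            continue
        if not _covers(r["dst"], addr):
            continue
        if r["port"] and int(r["port"]) != port:
            continue
        winner = r
        if r["quick"]:
            break
    return winner


def check_redirects(nat_text, pf_text):
    """For each rdr, report how the filter treats the translated packet.
    Returns a list of (target_address, [finding strings])."""
    rules = parse_filter(pf_text)
    nat_nets = [(m["iface"], m["src"])
                for m in (NAT_RE.match(l.strip()) for l in nat_text.splitlines()) if m]
    results = []
    for line in nat_text.splitlines():
        m = RDR_RE.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        target, tport = r["target"], int(r["tport"])
        findings = []
        rule = matching_rule(rules, r["iface"], target, tport)  # post-translation view
        if rule is None or rule["action"] != "pass":
            findings.append("BLOCKED: no pass-in rule on %s covers %s port %d"
                            % (r["iface"], target, tport))
        else:
            findings.append("pass rule found for %s port %d" % (target, tport))
            if not rule["state"]:
                findings.append("WARN: pass rule has no 'keep state'; it only "
                                "admits the initial SYN, the rest of the "
                                "connection relies on other state")
        if not any(i == r["iface"] and _covers(src, target) for i, src in nat_nets):
            findings.append("WARN: rdr target %s is outside the subnet NATed on %s"
                            % (target, r["iface"]))
        results.append((target, findings))
    return results


if __name__ == "__main__":
    for target, findings in check_redirects(NAT_CONF, PF_CONF):
        print(target)
        for f in findings:
            print("  " + f)
```

What the checker cannot see is runtime state: on a 3.0 box the nat rules are a separate file that has to be loaded (pfctl -N /etc/nat.conf, confirm with pfctl -s nat), and the kernel has to forward (sysctl net.inet.ip.forwarding). When the config passes this check, those two are the next things to look at, along with a tcpdump on rl0 for port 80 to see whether the translated SYN ever reaches the inside.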