PF - port redirection failure

From: Antonio F (saphyr@infomaniak.ch)
Date: 12/21/01

  • Next message: Bruno Wolff III: "Re: web downoload robots" 

    From: "Antonio F" <saphyr@infomaniak.ch>
Date: Fri, 21 Dec 2001 19:01:53 +0100

    Hi all !

    I am in a big trouble... since this morning I am trying
    to solve this proble. If someone could help me,. it
    would be really appreciated....

    Situation:
    Internal network NATed through an Openbsd 3.0
    gateway, with some internal services which need to
    be redirected through the gateway (pf is used).
    The NAT is working well from the inside point of view,
    and the external port redirection from 7100 to internal
    22 is working.

    Problem:
    The 8888 external port redirection is not working
    (should point to an internal machine web server port 8080).

    Question:
    Why is the ssh redirection working ? But not the web
    redirection ?

    There are more informations further in this message...

    Thank you for reading !

    .Antonio F

    ============nat.conf=============
    #internal: rl0
    #external: xl0

    #NAT
    nat on xl0 from 192.168.111.0/24 to any -> 194.212.231.110

    #Redirects
    rdr on xl0 from any to any port 8888 -> 192.168.1.21 port 8080
    rdr on xl0 from any to any port 7100 -> 192.168.1.21 port 22

    ==============================

    =============pf.conf============
    nonRoutableIp="{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8}"
    ifInternal="rl0"
    ifExternal="xl0"
    netInternal="192.168.1.0/24"
    gate="194.212.231.110/32"

    scrub in on $ifExternal all
    pass out quick on lo0 all
    pass in quick on lo0 all

    ### Protection spoofing
    block in log quick on $ifExternal from $nonRoutableIp to any
    block out log quick on $ifExternal from any to $nonRoutableIp

    ### Services
    pass in quick on $ifExternal inet proto tcp from any to any port = 22
    flags S keep state
    pass in log quick on $ifExternal inet proto { tcp, udp } from any to any
    port = 8888 flags S
     keep state
    pass in log quick on $ifExternal inet proto tcp from any to any port = 7100
    flags S keep st
    ate

    ### Defaults
    block in quick on $ifExternal from any to any
    pass out quick on $ifExternal from $gate to any keep state

    ==============================

    Relevant Pages

    • RE: Extern bureaublad
      ... The system controls the port creation and deletion automatically. ... to let the printer redirection work in the Windows 2003 terminal server, ... You must enable the printer redirection on the RDP client. ... Windows Printer Mapping ...
      (microsoft.public.windows.server.sbs)
    • Re: RDP serial port redirection
      ... is that what you *want* is for redirection to redirect local ports on the ... I have not seen any problem with the redirection. ... I have noticed that I am able to enable serial port redirection, ...
      (microsoft.public.windowsce.platbuilder)
    • Re: thin client com ports
      ... ports being redirected with a change port command from the console. ... I am testing several thin clients. ... The 1125 when connected to an RDP session shows not to have ... port redirection, I don't think that it will work. ...
      (microsoft.public.windows.terminal_services)
    • Re: thin client com ports
      ... specific instructions on the COM port settings. ... I am testing several thin clients. ... The 1125 when connected to an RDP session shows not to have ... port redirection, I don't think that it will work. ...
      (microsoft.public.windows.terminal_services)