
BLU Discuss list archive



NAT question (hair pulling will begin in 3 minutes)



Well, I installed a nice new copy of openBSD30 as a firewall/dhcp box yesterday. Everything is working well except for one NAT redirect...

I can't get web traffic to push through to the internal/LAN webserver... Any help is appreciated.

My /etc/nat.conf only has 2 lines, so there isn't much going on
(ep0 is the external ethernet, rl0 is the internal one)

nat on ep0 from 192.168.1.0/24 to any -> 67.105.157.190
rdr on ep0 from any to any port 80 -> 192.168.1.80 port 80

Just in case I've screwed up my packet filtering I'll include it here...
(/etc/pf.conf)

# Clean up fragmented and abnormal packets
scrub in all

# don't allow anyone to spoof non-routeable addresses
#block in quick on ep0 inet from { 127.0.0.0/8, 192.168.0.0/16, \
#172.16.0.0/12, 10.0.0.0/8 } to any
#block out quick on ep0 inet from any to { 127.0.0.1/8, 192.168.0.0/16, \
#172.16.0.0/12, 10.0.0.0/8 }

# only allow our machines to connect via ssh
#pass in quick on ep0 inet proto tcp from 1.1.1.0/24 to any port = 22

# allow others to use http and https
pass in quick on ep0 inet proto tcp from any to any port = 22 flags S/SA
pass in quick on ep0 inet proto tcp from any to any port = 80 flags S/SA
pass in quick on ep0 inet proto tcp from any to any port = 443 flags S/SA

# finally lock the rest down with a default deny
block in quick on ep0 from any to any

# and let out-going traffic out and maintain state on established connections
pass out on ep0 from any to any keep state

# pass all packets in and out (these are the implicit last two rules)
#pass in all
#pass out all

Thanks in advance...
Phil






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org