Well, I installed a nice new copy of openBSD30 as a firewall/dhcp box yesterday. Everything is working well except for one NAT redirect...
I can't get web traffic to push through to the internal/LAN webserver... Any help is appreciated.
My /etc/nat.conf only has 2 lines, so there isn't much going on.
(ep0 is the external ethernet, rl0 is the internal one)
nat on ep0 from 192.168.1.0/24 to any -> 67.105.157.190
rdr on ep0 from any to any port 80 -> 192.168.1.80 port 80
Just in case I've screwed up my packet filtering I'll include it here...
(/etc/pf.conf)
# Clean up fragmented and abnormal packets
scrub in all
# don't allow anyone to spoof non-routeable addresses
#block in quick on ep0 inet from { 127.0.0.0/8, 192.168.0.0/16, \
#172.16.0.0/12, 10.0.0.0/8 } to any
#block out quick on ep0 inet from any to { 127.0.0.1/8, 192.168.0.0/16, \
#172.16.0.0/12, 10.0.0.0/8 }
# only allow our machines to connect via ssh
#pass in quick on ep0 inet proto tcp from 1.1.1.0/24 to any port = 22
# allow others to use http and https
pass in quick on ep0 inet proto tcp from any to any port = 22 flags S/SA
pass in quick on ep0 inet proto tcp from any to any port = 80 flags S/SA
pass in quick on ep0 inet proto tcp from any to any port = 443 flags S/SA
# finally lock the rest down with a default deny
block in quick on ep0 from any to any
# and let out-going traffic out and maintain state on established connections
pass out on ep0 from any to any keep state
# pass all packets in and out (these are the implicit last two rules)
#pass in all
#pass out all
Thanks in advance...
Phil