Re: Port Forwarding to different address
- To: "Greg Hennessy" <Greg_(_dot_)_Hennessy_(_at_)_nviz_(_dot_)_net>
- Subject: Re: Port Forwarding to different address
- From: "David N" <davidn04_(_at_)_gmail_(_dot_)_com>
- Date: Thu, 23 Aug 2007 14:10:42 +1000
- Cc: freebsd-pf_(_at_)_freebsd_(_dot_)_org
On 19/08/07, Greg Hennessy <Greg_(_dot_)_Hennessy_(_at_)_nviz_(_dot_)_net> wrote:
> [snip]
>
> > scrub in all
> >
> > nat on $ext_if from $int_net to any -> ($ext_if)
> >
> > rdr on $ext_if proto tcp from any to any port 22011 -> 192.168.1.10 port 22
> >
>
> Add
>
> block log all
> here
>
> > pass in all
> > pass out all
>
> Replace these with explicitly coded ingress and egress rules using 'keep
> state flags S/SA'.
>
> In addition use tcpdump on the ingress and egress interfaces to determine if
> the redirect is working and to determine if the flow is transiting both
> interfaces.
>
>
> Greg
>
>
>
> >
> > ---- Snip
> >
> > I've tried it with the same port, eg.
> > rdr on $ext_if proto tcp from any to any port 22 -> 192.168.1.10 port 22
> > that works.
> >
> > But with the original rule I do
> > ssh -p 22011 example.net
> > ssh: connect to host example.net port 22011: Connection refused
> >
> > I've tried
> > rdr on $ext_if proto tcp from any to $ext_if port 22011 -> 192.168.1.10 port 22
> > with no luck as well
> >
> > I have
> > net.inet.ip.forwarding: 1
> >
> > I'm not quite sure what else to do.
> >
> > Regards
> > David N
> > _______________________________________________
> > freebsd-pf_(_at_)_freebsd_(_dot_)_org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe_(_at_)_freebsd_(_dot_)_org"
>
>
>
Thanks, did a block log all
and from the remote side it still wouldn't let me connect, but didn't
get a log either =)
The remote host I was trying to connect from was blocking all
outgoing connections.
Changed hosts and all is working.
Regards
David N