[BSD-INDIA] Pf-rdr
M E
manpages at yahoo.com
Fri Nov 6 16:19:28 UTC 2009
Hello good guys,
I wondered if anyone could point out to me why all the redirection (rdr) rules below are giving an error. I copied the code from somewhere and intend to use it for my server. The pf configuration explains itself.
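#################################################################
# macro definitions
#################################################################
# ext_if -- external interface, connects the firewall to the
# outside world
# prv_if -- private interface, connects the private network
# segment to the firewall
# dmz_if -- DMZ interface, connects the DMZ network segment
# to the firewall
#################################################################
ext_if = "rl0"
prv_if = "fxp0"
dmz_if = "rl1"
#################################################################
# ext_ad -- the IPv4 address of the ext_if external interface
# prv_ad -- the range of IPv4 addresses on the private network
# dmz_ad -- the range of IPv4 addresses on the DMZ network
#################################################################
# NOTE: ext_ad is commented out below ("x.x.x.x" is a placeholder,
# not a valid address). Every nat and rdr rule in this file refers
# to $ext_ad, and pfctl will not load a rule that uses an undefined
# macro, so ext_ad must be assigned the real address before loading.
#ext_ad = "x.x.x.x/32"
prv_ad = "192.168.1.0/24"
dmz_ad = "192.168.2.0/24"
#################################################################
# dmz_domain_ad -- the internal IPv4 address of the externally
# accessible DNS server residing in the DMZ
# dmz_www_ad -- the internal IPv4 address of the externally
# accessible HTTP server residing in the DMZ
# dmz_smtp_ad -- the internal IPv4 address of the externally
# accessible SMTP server residing in the DMZ
# dmz_ftp_ad -- the internal IPv4 address of the externally
# accessible FTP server residing in the DMZ
# dmz_nntp_ad -- the internal IPv4 address of the externally
# accessible NNTP server residing in the DMZ
#################################################################
# each macro assignment must stay on a single line
dmz_domain_ad = "192.168.2.2/32"
dmz_www_ad = "192.168.2.3/32"
dmz_smtp_ad = "192.168.2.4/32"
dmz_ftp_ad = "192.168.2.5/32"
dmz_nntp_ad = "192.168.2.6/32"
#################################################################
# dmz_domain_pr -- protocols used by the DMZ DNS server
# dmz_www_pr -- protocols used by the DMZ HTTP server
# dmz_smtp_pr -- protocols used by the DMZ SMTP server
# dmz_ftp_pr -- protocols used by the DMZ FTP server
# dmz_nntp_pr -- protocols used by the DMZ NNTP server
#################################################################
dmz_domain_pr = "{tcp, udp}"
dmz_www_pr = "{tcp}"
dmz_smtp_pr = "{tcp}"
dmz_ftp_pr = "{tcp}"
dmz_nntp_pr = "{tcp}"
#################################################################
# dmz_domain_pt -- the port that DMZ DNS server is listening on
# dmz_www_pt -- the port that DMZ HTTP server is listening on
# dmz_smtp_pt -- the port that DMZ SMTP server is listening on
# dmz_ftp_pt -- the port that DMZ FTP server is listening on
# dmz_nntp_pt -- the port that DMZ NNTP server is listening on
#################################################################
# the DMZ hosts listen on non-standard ports; the rdr rules below
# map the well-known port on $ext_ad to these
dmz_domain_pt = "2053"
dmz_www_pt = "9828"
dmz_smtp_pt = "2025"
dmz_ftp_pt = "2020"
dmz_nntp_pt = "2119"
#################################################################
# options: "set"
#################################################################
set limit { frags 10000, states 10000 }
set loginterface $ext_if
set optimization default
#################################################################
# scrub rules: "scrub"
#################################################################
scrub in all fragment reassemble
scrub out all fragment reassemble
#################################################################
# NAT rules: "rdr", "nat", "binat"
#################################################################
nat on $ext_if from $prv_ad to any -> $ext_ad
nat on $ext_if from $dmz_ad to any -> $ext_ad
#################################################################
# establish redirection rules for the hosts on the external,
# private, and DMZ networks
#
# NOTE: rdr only rewrites the destination; it does not permit the
# traffic by itself. Filter rules (none appear in this excerpt) see
# the translated packet, so a pass rule has to match the DMZ host
# address and the dmz_*_pt port, not $ext_ad and the well-known port.
# NOTE: the FTP rule only covers the control connection; FTP data
# connections are negotiated inside the session and need either
# ftp-proxy(8) or a redirected passive port range to work.
#################################################################
rdr on $ext_if proto $dmz_domain_pr from any \
to $ext_ad port domain -> $dmz_domain_ad port $dmz_domain_pt # error line
rdr on {$ext_if, $prv_if} proto $dmz_www_pr from any \
to $ext_ad port www -> $dmz_www_ad port $dmz_www_pt # error line
rdr on {$ext_if, $prv_if} proto $dmz_smtp_pr from any \
to $ext_ad port smtp -> $dmz_smtp_ad port $dmz_smtp_pt
rdr on {$ext_if, $prv_if} proto $dmz_ftp_pr from any \
to $ext_ad port ftp -> $dmz_ftp_ad port $dmz_ftp_pt # error line
rdr on $prv_if proto $dmz_nntp_pr from any \
to $ext_ad port nntp -> $dmz_nntp_ad port $dmz_nntp_pt # error line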
Thanks