PF+RDR+NAT HELP !!!!!!!!!!
jorge
jorge at netsecure.cl
Wed Dec 10 10:21:56 CLST 2003
>
> nat on rl0 from 192.16.1.0/24 to any -> 1.1.1.13
>
> rdr on rl0 proto tcp from any to 1.1.1.2 port 25 -> 192.16.1.2 port 25
> rdr on rl0 proto tcp from any to 1.1.1.2 port 110 -> 192.16.1.2 port 110
> rdr on rl0 proto tcp from any to 1.1.1.2 port 80 -> 192.16.1.2 port 80
>
> rdr on rl0 proto tcp from any to 1.1.1.13 port 25 -> 192.16.1.6 port 25
> rdr on rl0 proto tcp from any to 1.1.1.13 port 110 -> 192.16.1.6 port 110
>
> block in log all
> pass out on rl0 proto { tcp, udp } all keep state
> pass in on rl0 proto { tcp, udp } from any to rl0 port 53 keep state
> pass in on rl0 proto tcp from any to any port 25 keep state
> pass in on rl0 proto tcp from any to any port 110 keep state
> pass in on rl0 proto tcp from any to any port 80 keep state
>
> pass in on lo0 all keep state
> pass out on lo0 all keep state
>
> pass in on xl0 all keep state
> pass out on xl0 all keep state
>
>
> ----------------------
> OK, this is the configuration I have, now .. The problem is that in ....
>
> pass in on rl0 proto tcp from any to any port 25 keep state
>
> I can't write it as ...
>
> pass in on rl0 proto tcp from any to rl0 port 25 keep state
>
> And when I run tcpdump, this shows up ..
>
> 12:49:58.738596 rule 1/0(match): block in on rl0: 1.1.1.2.1025 > 192.16.1.2.smtp: S 387595638:387595638(0) win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 29155 0> (DF) [tos 0x10]
>
> Any suggestions??? Is something misconfigured???
>
pass in on rl0 proto tcp from any to 192.168.1.2 port 25 modulate state
>
> S.O.: OpenBSD 3.2
> Firewall: pf
cool..
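
Why the logged packet is blocked, as an added example (not part of the original thread): pf applies rdr before the filter rules, so the filter sees the translated destination 192.16.1.2 rather than rl0's own address. The sketch below matches the posted pflog line against the posted rdr rules; the function names and the service-name table are assumptions of the example.

```python
import re

# rdr rules copied from the pf.conf quoted in the post
RDR_RULES = """\
rdr on rl0 proto tcp from any to 1.1.1.2 port 25 -> 192.16.1.2 port 25
rdr on rl0 proto tcp from any to 1.1.1.2 port 110 -> 192.16.1.2 port 110
rdr on rl0 proto tcp from any to 1.1.1.2 port 80 -> 192.16.1.2 port 80
rdr on rl0 proto tcp from any to 1.1.1.13 port 25 -> 192.16.1.6 port 25
rdr on rl0 proto tcp from any to 1.1.1.13 port 110 -> 192.16.1.6 port 110
"""
# pflog line from the post (TCP options omitted)
LOG_LINE = ("12:49:58.738596 rule 1/0(match): block in on rl0: "
            "1.1.1.2.1025 > 192.16.1.2.smtp: S 387595638:387595638(0) win 57344")

# Assumed mapping for service names tcpdump prints instead of port numbers
SERVICES = {"smtp": 25, "pop3": 110, "www": 80, "http": 80}

RDR_RE = re.compile(r"rdr on (\S+) proto (\S+) from any to (\S+) port (\d+)"
                    r" -> (\S+) port (\d+)")
LOG_RE = re.compile(r"rule (\d+)/\d+\(match\): block in on (\S+): "
                    r"(\d+\.\d+\.\d+\.\d+)\.(\w+) > (\d+\.\d+\.\d+\.\d+)\.(\w+):")

def parse_rdr(text):
    """Return {(iface, internal_ip, internal_port): (public_ip, public_port)}."""
    table = {}
    for m in RDR_RE.finditer(text):
        iface, _proto, pub_ip, pub_port, int_ip, int_port = m.groups()
        table[(iface, int_ip, int(int_port))] = (pub_ip, int(pub_port))
    return table

def port_number(token):
    """Turn a tcpdump port token (number or service name) into an int."""
    return int(token) if token.isdigit() else SERVICES.get(token)

def explain_block(line, rdr_table):
    """Explain a 'block in' log line whose destination is an rdr target."""
    m = LOG_RE.search(line)
    if not m:
        return None
    _rule, iface, _src, _sport, dst, dport = m.groups()
    port = port_number(dport)
    if (iface, dst, port) not in rdr_table:
        return None  # blocked for some reason unrelated to rdr
    pub_ip, pub_port = rdr_table[(iface, dst, port)]
    # The filter rule has to name the post-rdr (internal) address.
    return {"public": f"{pub_ip}:{pub_port}", "filtered_as": f"{dst}:{port}",
            "needed_rule": f"pass in on {iface} proto tcp from any to {dst} "
                           f"port {port} keep state"}
```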