PF rdr question
From: Edward Neville (Edward.Neville UK-plc.net)
Date: Tue Aug 03 2004 - 03:57:34 CDT
Hello all,
I am trying to forward NS queries to an internal box, using rdr.
Mail works, but for some reason I can't get the NS to work. Any ideas?
--[ pf.conf ]--
# macro definitions
ext_if="fxp0"
int_if="xl0"
IP="83.146.42.162"
# External Addresses
BIP1="83.146.42.163"
BIP2="83.146.42.164"
# Internal Address
LAN="192.168.1.0/24"
# External NATs
MAIL0="192.168.1.32"
NS0="192.168.1.33"
NS1="192.168.1.33"
#tcp_services = "{ 22, 25, 80, 110, 113, 143 }"
# Services
SSH=22
MAIL=25
WEB=80
POP=110
IMAP=143
NS=53
#table <spamd> persist
#table <spamd-white> persist
scrub in
# nat rules
#binat on $ext_if proto {tcp, icmp, udp} from $INTS1 to any -> $BIP1
rdr on $ext_if inet proto tcp from any to $BIP1 port $MAIL -> $MAIL0 port $MAIL
rdr on $ext_if inet proto udp from any to $BIP1 port $NS -> $NS0 port $NS
rdr on $ext_if inet proto udp from any to $BIP2 port $NS -> $NS1 port $NS
nat on $ext_if from $LAN to any -> $IP
# blocking rules
block all
block drop in quick on $ext_if from $LAN to any
block drop out quick on $ext_if from any to $LAN
#pass in on $ext_if proto tcp from any to $MAIL0 port $MAIL flags S/SA synproxy state
pass in on $ext_if proto tcp from any to any port $MAIL flags S/SA synproxy state
pass in on $ext_if proto udp from any to any port $NS
# Let internal traffic out
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto {udp, icmp} all keep state
--[ eof ]--
--
Regards,
Ed.
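
A small lint for the rdr rules in the post above, added here as an example and not part of the original message: it expands the macros, checks that each rdr has a `pass in` rule matching the translated (internal) address and port, since pf translates before it filters, and notes DNS redirects that cover UDP only (DNS also uses TCP port 53). The regexes handle only the simple rule shapes used in this pf.conf; `audit` and the finding names are hypothetical.

```python
import re
# Constructed sample: rdr/pass rules from the post (wrapped lines joined) and the macros they use.
PF_CONF = '''
ext_if="fxp0"
BIP1="83.146.42.163"
BIP2="83.146.42.164"
MAIL0="192.168.1.32"
NS0="192.168.1.33"
NS1="192.168.1.33"
MAIL=25
NS=53
rdr on $ext_if inet proto tcp from any to $BIP1 port $MAIL -> $MAIL0 port $MAIL
rdr on $ext_if inet proto udp from any to $BIP1 port $NS -> $NS0 port $NS
rdr on $ext_if inet proto udp from any to $BIP2 port $NS -> $NS1 port $NS
pass in on $ext_if proto tcp from any to any port $MAIL flags S/SA synproxy state
pass in on $ext_if proto udp from any to any port $NS
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"?([^"\s]+)"?$')
RDR = re.compile(r'^rdr on (\S+) (?:inet6? )?proto (\w+) from \S+ to (\S+) port (\d+) -> (\S+) port (\d+)$')
PASS = re.compile(r'^pass in on (\S+) proto (\w+) from \S+ to (\S+) port (\d+)')

def expand(text):
    """Substitute $macro references and return the non-macro rule lines."""
    macros, rules = {}, []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()   # drop comments
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif line:
            rules.append(re.sub(r'\$(\w+)', lambda r: macros[r.group(1)], line))
    return rules

def audit(text):
    """Return findings per rdr rule: missing filter coverage, UDP-only DNS."""
    rules = expand(text)
    rdrs = [m.groups() for m in map(RDR.match, rules) if m]
    passes = [m.groups() for m in map(PASS.match, rules) if m]
    findings = []
    for ifc, proto, ext, eport, dst, dport in rdrs:
        # The filter sees the packet after rdr, so compare against dst/dport.
        if not any(p[:2] == (ifc, proto) and p[2] in ('any', dst) and p[3] == dport for p in passes):
            findings.append(('no-pass', proto, dst, dport))
        if (proto, dport) == ('udp', '53') and (ifc, 'tcp', ext, '53') not in [r[:4] for r in rdrs]:
            findings.append(('no-tcp-rdr', ext))
    return findings

if __name__ == '__main__':
    print(audit(PF_CONF))
```
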