Re: pf, ftp-proxy, default deny, 421 Service not available

From: Chris Zakelj (c.zakeljieee.org)
Date: Tue Nov 02 2004 - 08:52:55 CST


Henning Brauer wrote:

>* Chris Zakelj <c.zakeljieee.org> [2004-11-02 11:50]:
>
>
>>and 'rdr pass' is something that's not in the man pages
>>
>>
>are you trying to offend me?
>
>it is right in the second paragraph of the TRANSLATION section.
>
> Packets that match a translation rule are only
> automatically passed if the pass modifier is given, otherwise they are
> still subject to block and pass rules.
>
>it is in the TRANSLATION EXAMPLES section.
>
> If the pass modifier is given, packets matching the translation rule are
> passed without inspecting the filter rules:
>
>      rdr pass on $ext_if proto tcp from any to any port 80 -> 127.0.0.1 \
>              port 8080
>
>and of course the BNF features it as well.
>
>      nat-rule       = [ "no" ] "nat" [ "pass" ] [ "on" ifspec ] [ af ]
>                       [ protospec ] hosts [ "tag" string ]
>                       [ "->" ( redirhost | "{" redirhost-list "}" )
>                       [ portspec ] [ pooltype ] [ "static-port" ] ]
>
>      binat-rule     = [ "no" ] "binat" [ "pass" ] [ "on" interface-name ]
>                       [ af ] [ "proto" ( proto-name | proto-number ) ]
>                       "from" address [ "/" mask-bits ] "to" ipspec
>                       [ "tag" string ]
>                       [ "->" address [ "/" mask-bits ] ]
>
>      rdr-rule       = [ "no" ] "rdr" [ "pass" ] [ "on" ifspec ] [ af ]
>                       [ protospec ] hosts [ "tag" string ]
>                       [ "->" ( redirhost | "{" redirhost-list "}" )
>                       [ portspec ] [ pooltype ] ]
>
>if you're really unable to spot that yourself, please go run another
>operating system. I really dunno how we should make that even more
>clear.
>
Yeek! I really am losing my mind :( Time to go get some eyewash and
brain food. Keep the cluestick handy, I may need to be whacked again.
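The distinction Henning points at, written out as a complete pf.conf fragment. This is an added example, not a configuration from the thread or from the OpenBSD project; it uses the pre-OpenBSD 4.7 `rdr` syntax of the time and the port 80 redirect from the quoted man page text. The interface name, the `block all` default-deny policy and the explicit pass rule for the translated destination are assumptions made to show the two ways a redirected packet can get past a default deny.

```pf
# Added example (not from the thread): pre-OpenBSD 4.7 pf.conf syntax.
ext_if = "fxp0"          # assumed interface name

# Default-deny policy: nothing is passed unless a later rule passes it.
block all

# --- Form 1: rdr without "pass" ------------------------------------------
# The redirect rewrites the destination to 127.0.0.1:8080, but the packet
# is still evaluated against the filter rules, and those rules see the
# translated destination. With only "block all" above, the connection is
# dropped, which is the "default deny" symptom in the subject line.
rdr on $ext_if proto tcp from any to any port 80 -> 127.0.0.1 port 8080

# The pass rule therefore has to name the post-translation address and
# port, not port 80:
pass in on $ext_if inet proto tcp from any to 127.0.0.1 port 8080 \
    flags S/SA keep state

# --- Form 2: rdr pass ----------------------------------------------------
# Equivalent outcome in one rule: matching packets are passed without the
# filter rules being consulted, so the default deny never sees them.
# (Use one form or the other; a second rdr on port 80 would never match
# because the first matching rdr rule wins.)
# rdr pass on $ext_if proto tcp from any to any port 80 -> 127.0.0.1 port 8080
```

Form 1 is the one to prefer when the filter policy matters: the redirected traffic still goes through the pass rule, so source restrictions, TCP flag checks and state tracking from the filter ruleset apply to it, whereas `rdr pass` bypasses the filter rules entirely for anything the translation rule matches. The ftp-proxy case in the subject line follows the same pattern, with port 21 redirected to the proxy's listening port and either a pass rule for that translated destination or the `pass` modifier on the `rdr`.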