[Tfug] Syntax errors on new nat.conf

Chris tfug@tfug.org
Fri Jul 5 04:11:02 2002


On Tue, 25 Jun 2002 22:43:12 -0700
"Steven Bowers" <steveb7@bblabs.net> wrote:

> I'm trying to resolve some syntax errors and need some help. The
> nat.conf from OBSD 3.1 is shown below. The errors are occurring on
> lines 8, 12 and 17 which correspond to my rdr statements. I'm going to
> run a mail and web server on fxp2/192.168.2.2 and will need access to
> it from fxp1/192.168.1.0/24 which is the local lan. My ext interface
> is fxp0. 
> 
> Steve
> 
> ########################################################
> # nat.conf
> nat on fxp0 from 192.168.1.0/24 to any -> 24.221.35.101
> nat on fxp0 from 192.168.2.0/24 to any -> 24.221.35.101
> 
> ########################################################
> # Internet (fxp0)
> rdr on fxp0 proto { tcp, udp } from any to 24.221.35.101 port { 25, 80, 110, 443 } -> 192.168.2.2 port { 25, 80, 110, 443 }
> 
> #######################################################
> # private network (fxp1)
> rdr on fxp1 proto { tcp, udp } from 192.168.1.0/24 to 24.221.35.101 port { 25, 8 0, 110, 443 } -> 192.168.2.2 port { 25, 80, 110, 443 }
> rdr on fxp1 proto tcp from any to any port 21 -> 127.0.0.1 port 8081
> 
> #######################################################
> # DMZ network (fxp2)
> rdr on fxp2 proto { tcp, udp } from 192.168.2.2 to 24.221.35.101 port { 25, 80, 110, 443 } -> 192.168.2.2 port { 25, 80, 110, 443 }

Steven-

IIRC, nat/rdr rules create state for each connection.  Tcp and udp
establish different states when they connect.  Plus port mapping is one
to one.  pf doesn't know what you want port 25 from the first set mapped
to, the second set has 4 choices.  You will have to define an rdr for
each protocol/port you want to redirect.  Ditch the sets and it should
start working.  You also have a space between the 8 and the 0 in the
first port set in your second rdr rule.

-C-