[Tfug] Syntax errors on new nat.conf

Chris Hilton tfug@tfug.org
Sat Jul 6 07:59:02 2002 

On Fri, 05 Jul 2002 22:31:15 -0700
"johngalt" <johngalt1@uswest.net> wrote:

> WTF? Did Chris reply ten days after Steven wrote his post?
> 
> Or is Steven's clock foobar?
> 
> People, please set your clock to the correct date at least....
> 
> ntpdate, | date, | whatever
> 
> and then setclock, | /sbin/clock --systohc whatever

The date of the original post and of the reply are correct.

-C-


> Chris wrote:
> > 
> > On Tue, 25 Jun 2002 22:43:12 -0700
> > "Steven Bowers" <steveb7@bblabs.net> wrote:
> > 
> > > I'm trying to resolve some syntax errors and need some help. The
> > > nat.conf from OBSD 3.1 is shown below. The errors are occuring on
> > > lines 8, 12 and 17 which correspond to my rdr statements. I'm
> > > going to run a mail and web server on fxp2/192.168.2.2 and will
> > > need access to it from fxp1/192.168.1.0/24 which is the local lan.
> > > My ext interface is fxp0.
> > >
> > > Steve
> > >
> > > ########################################################
> > > # nat.conf
> > > nat on fxp0 from 192.168.1.0/24 to any -> 24.221.35.101
> > > nat on fxp0 from 192.168.2.0/24 to any -> 24.221.35.101
> > >
> > > ########################################################
> > > # Internet (fxp0)
> > > rdr on fxp0 proto { tcp, udp } from any to 24.221.35.101 port {
> > > 25, 80, 110, 443
> > >  } -> 192.168.2.2 port { 25, 80, 110, 443 }
> > >
> > > #######################################################
> > > # private network (fxp1)
> > > rdr on fxp1 proto { tcp, udp } from 192.168.1.0/24 to
> > > 24.221.35.101 port { 25, 8 0, 110, 443 } -> 192.168.2.2 port { 25,
> > > 80, 110, 443 } rdr on fxp1 proto tcp from any to any port 21 ->
> > > 127.0.0.1 port 8081
> > >
> > > #######################################################
> > > # DMZ network (fxp2)
> > > rdr on fxp2 proto { tcp, udp } from 192.168.2.2 to 24.221.35.101
> > > port{ 25, 80, 110, 443 } -> 192.168.2.2 port { 25, 80, 110, 443 }
> > 
> > Steven-
> > 
> > IIRC, nat/rdr rules create state for each connection.  Tcp and udp
> > establish different states when they connect.  Plus port mapping is
> > one to one.  pf doesn't know what you want port 25 from the first
> > set mapped to, the second set has 4 choices.  You will have to
> > define an rdr for each protocol/port you want to redirect.  Ditch
> > the sets and it should start working.  You also have a space between
> > the 8 and the 0 in the first port set in your second rdr rule.
> > 
> > -C-
> > _______________________________________________
> > tfug mailing list
> > tfug@tfug.org
> > http://www.tfug.org/mailman/listinfo/tfug
> _______________________________________________
> tfug mailing list
> tfug@tfug.org
> http://www.tfug.org/mailman/listinfo/tfug