PF won't open port despite rules...

Postby Dain_L » Tue Jun 24, 2008 3:30 am

Hello,

I just don't get it. I have a PF firewall on my DSL connection with 3 internal network interfaces. On one of the internal networks (LNETTR) there's a web server and an SMTP server.

However, despite redirections and filtering rules it doesn't work. The redirected ports do not open. If I scan myself all ports are still STEALTH.
Web surfing and any outgoing traffic I allow work perfectly.

Any help would be appreciated.
Thanks in advance.

/U

# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $


# 1. Macros
lo_if = "lo0"

ext_if = "rl0"

UNET_if = "vr0"
UNET_network = "x.x.x.x/x"

LNETTR_if = "rl1"
LNETTR_network = "y.y.y.y/y"

# PUBNET_if = "rl2"
# PUBNET_network = "z.z.z.z/z"

internal_networks = "{ x.x.x.x/x, y.y.y.y/y }"


tcpservices = "{ 22, 21, 80, 443, 1863, 5190 }"
udpservices = "{ 53 }"
reserved_networks = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# 2. Tables
# Empty.

# 3. Options
set limit { states 50000, frags 50000 }
set block-policy drop
set optimization aggressive
set skip on $lo_if

# 4. Packet normalization
scrub in all

# 5. Queueing

# 6. Translation
nat on $ext_if from $internal_networks -> ($ext_if)

nat-anchor "ftp-proxy/*" # FTP proxy
rdr-anchor "ftp-proxy/*" # FTP proxy
rdr pass on $UNET_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021 # FTP proxy
rdr pass on $LNETTR_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021 # FTP proxy
# rdr pass on $PUBNET_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021 # FTP proxy

# Redirect inbound web and SMTP on the public address to the internal server
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> <server> port 80
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> <server> port 25




# 7. Filtering
anchor "ftp-proxy/*" # FTP proxy
block in all
block out all
antispoof for { $ext_if, $UNET_if }
pass in on $UNET_if proto tcp from $UNET_network to any port $tcpservices
pass in on $UNET_if proto udp from $UNET_network to any port $udpservices

pass in on $LNETTR_if proto tcp from $LNETTR_network to any port $tcpservices
pass in on $LNETTR_if proto udp from $LNETTR_network to any port $udpservices

pass in on $ext_if proto tcp from any to ($ext_if) port 80
pass in on $ext_if proto tcp from any to ($ext_if) port 25

pass out on $ext_if proto { tcp udp icmp } all keep state

# block in quick on $ext_if from $reserved_networks to any
# block out quick on $ext_if from any to $reserved_networks



#EOF
Dain_L
n00b

Posts: 1
Joined: Tue Jun 24, 2008 3:27 am
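The likely cause of the symptom, as an added example that is not part of the original post: PF applies translation before filtering, so the filter engine sees the redirected packet with the internal server as its destination, and a pass rule that still matches ($ext_if) never fires, leaving "block in all" to drop it. The macro names are the post's; the address in the table is a placeholder, since the post anonymises the server.

```pf
# Added example, not the poster's config. Macro names follow the post;
# the address in <server> is a placeholder for the anonymised web/SMTP host.
ext_if = "rl0"
LNETTR_if = "rl1"

# 2. Tables: the post's table section is empty, yet section 6 references <server>.
table <server> const { 192.0.2.10 }   # placeholder address on the LNETTR network

# 6. Translation: rdr rewrites the destination before any filter rule is evaluated.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> <server> port 80
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> <server> port 25

# 7. Filtering
block in all
block out all

# As posted: by the time filtering runs the destination is already <server>,
# so a rule written against ($ext_if) never matches and "block in all" wins.
# pass in on $ext_if proto tcp from any to ($ext_if) port 80
# pass in on $ext_if proto tcp from any to ($ext_if) port 25

# Corrected: match the translated (internal) destination. With the default
# floating state policy the state created here also carries the packet out
# through $LNETTR_if and lets the server's replies back, so no extra pass
# rules are needed for this flow.
pass in on $ext_if proto tcp from any to <server> port { 80, 25 } keep state
```

Test from a host outside the DSL link: a connection from LNETTR to the public address arrives on $LNETTR_if, not $ext_if, so this rdr never sees it (the PF FAQ covers that under redirection and reflection). `pfctl -sn` and `pfctl -sr` print the translation and filter rules as actually loaded, which is the quickest way to see which destination a pass rule really matches.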
