Does not work here.
Global connections are working, but I only want ONE remote machine to
connect to it.
I guess I have my firewall a bit too tight here.
Well, a short cut from my rules:
int_if ="sk0"
ext_if ="re0"
match out on egress inet from !(egress) to any nat-to (egress:0)
pass in quick on $ext_if proto { tcp } from any to $ext_if port 16000 rdr-to 192.168.0.228
pass in quick on $ext_if proto { tcp,udp } from x.x.x.x to $ext_if port 3306 rdr-to 192.168.0.228
block in quick on $ext_if all
antispoof for $ext_if inet
pass out quick keep state
pass in quick inet proto icmp all icmp-type $icmp_types
pass in quick on $int_if keep state
On 26-9-2017 11:29, Zé Loff wrote:
>
>
> On Tue, Sep 26, 2017 at 09:02:13AM +0200, Ton Muller wrote:
>> For a friend who hosts a game server I created locally a SQL database for
>> fetching stats, so I created the rule below
>>
>> pass in quick on $ext_if proto { tcp,udp } from (ip address here) to $ext_if port 3306 rdr-to 192.168.0.228
>>
>>
>> After a pfctl the database returned a SQL error, that it was unable to
>> connect to it.
>>
>> So I created a 2nd rule set (and put a # in front of the 1st rule)
>>
>> pass in quick on $ext_if proto { tcp,udp } from any to $ext_if port 3306 rdr-to 192.168.0.228
>>
>> And yes, a connection was made.
>>
>> so, i revered the settings, i dont want unwanted hammering on my sql server.
>> all went well, no isues.
>> so i set up the 2nd pool connection.
>> and again, NO connection possible, and the 1st pool also died with it.
>>
>>
>> What am I doing wrong, so that remote connections are possible?
>>
>> Any suggestions?
>>
>> Tony.
>>
>
> I'm having trouble understanding most of your message but anyway, this
> is how I do it:
>
> match in on $ext_if inet proto { tcp, udp } to ($ext_if) port 3306 rdr-to 192.168.0.228
> pass in on $ext_if inet proto { tcp, udp } from XXX.XXX.XXX.XXX to 192.168.0.228 port 3306
>
> Also, add log keywords to the block rules (and optionally to the rules
> above) and use
>
> # tcpdump -neti pflog0
>
> to see what is happening.
>
> Cheers
> Zé
>
>
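The pattern Zé describes above (translate with a match rule, then filter on the translated destination) written out as a complete pf.conf, as an added example that is not from either poster. The interface names follow the macros in Ton's excerpt; the database host and the single permitted remote address are assumptions, and 203.0.113.10 is a placeholder:

```pf
# Added example pf.conf (not from the thread). Interface names follow the
# thread's macros; $db_host and $friend are assumed values.
int_if  = "sk0"
ext_if  = "re0"
db_host = "192.168.0.228"
friend  = "203.0.113.10"     # placeholder: the one remote host allowed in

set skip on lo

# Outbound NAT for the LAN, as in the thread.
match out on egress inet from !(egress) to any nat-to (egress:0)

# Translation only: rdr-to on a match rule rewrites the destination address
# but makes no pass/block decision. Who is actually let through is decided
# by the pass rule further down.
match in on $ext_if inet proto { tcp, udp } to ($ext_if) port 3306 rdr-to $db_host

# Default deny, logged, so rejected attempts are visible on pflog0.
block log all
antispoof quick for $ext_if inet

# Filtering runs after translation, so the destination here is the internal
# host, not the external interface. Only $friend may reach port 3306;
# every other source falls through to the logged block above.
pass in log on $ext_if inet proto { tcp, udp } from $friend to $db_host port 3306

# Trusted side and outbound traffic.
pass in  on $int_if inet
pass out quick inet
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; a typo in the translated-destination pass rule is the most common reason the rdr appears to "work" for `any` but not for a single source. With the block rule logged, `tcpdump -neti pflog0` (as Zé suggests) shows whether the friend's packets arrive at the external interface and which rule drops them. The example keeps the thread's `{ tcp, udp }` so it matches the rules being debugged, but a MySQL server only listens on TCP, so the `udp` part can be dropped to shrink the exposed surface further.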