Tuesday, September 26, 2017

Re: Weird pf.conf issue when opening port for remote access

Probably right.
I tested it with GRC.com, that works.

Weird, I have entered the correct IP, even a /24, /16, and /8 !! Isn't
working.
Think the guy needs to ask the GSP for the proper IP address. Well,
anyways, experiment still successful.

Thank you for the time, and the other solution.

Tony.

On 26-9-2017 16:28, Zé Loff wrote:
> On Tue, Sep 26, 2017 at 04:04:45PM +0200, Ton Muller wrote:
>> Does not work here.
>> Global connections are working, but I only want ONE remote machine to
>> connect to it.
>
> Well, if the problem arises when you change "from any" to "from x.x.x.x"
> then I'd say you are specifying the wrong IP (maybe NATing or the like
> on the other end is mixing things up). I'll suggest tcpdump again:
>
> # tcpdump -nti <your external iface> port 3306
>
> This might help in figuring out which IP the connection requests are
> coming from.
>
> OT: I don't know if you have considered it or not, but you very much
> want to be using TLS on this connection and/or using client certificates
> for authentication.
>
> Cheers
> Zé
>
>>
>> I guess I have my firewall a bit too tight here.
>>
>> Well, a short cut from my rules:
>>
>> int_if ="sk0"
>> ext_if ="re0"
>>
>> match out on egress inet from !(egress) to any nat-to (egress:0)
>>
>> pass in quick on $ext_if proto { tcp } from any to $ext_if port 16000 rdr-to 192.168.0.228
>> pass in quick on $ext_if proto { tcp,udp } from x.x.x.x to $ext_if port 3306 rdr-to 192.168.0.228
>>
>> block in quick on $ext_if all
>> antispoof for $ext_if inet
>>
>> pass out quick keep state
>> pass in quick inet proto icmp all icmp-type $icmp_types
>> pass in quick on $int_if keep state
>>
>> On 26-9-2017 11:29, Zé Loff wrote:
>>>
>>>
>>> On Tue, Sep 26, 2017 at 09:02:13AM +0200, Ton Muller wrote:
>>>> For a friend who hosts a game server I created locally a SQL database for
>>>> fetching stats, so I created the rule below
>>>>
>>>> pass in quick on $ext_if proto { tcp,udp } from (ip address here) to $ext_if port 3306 rdr-to 192.168.0.228
>>>>
>>>>
>>>> After a pfctl the database returned a SQL error, that it was unable to
>>>> connect to it.
>>>>
>>>> So I created a 2nd rule set (and did a # in front of the 1st rule)
>>>>
>>>> pass in quick on $ext_if proto { tcp,udp } from any to $ext_if port 3306 rdr-to 192.168.0.228
>>>>
>>>> And yes, a connection was made.
>>>>
>>>> So, I reverted the settings, I don't want unwanted hammering on my SQL server.
>>>> All went well, no issues.
>>>> So I set up the 2nd pool connection.
>>>> And again, NO connection possible, and the 1st pool also died with it.
>>>>
>>>>
>>>> What am I doing wrong so remote connections are possible?
>>>>
>>>> Any suggestions?
>>>>
>>>> Tony.
>>>>
>>>
>>> I'm having trouble understanding most of your message but anyway, this
>>> is how I do it:
>>>
>>> match in on $ext_if inet proto { tcp, udp } to ($ext_if) port 3306 rdr-to 192.168.0.228
>>> pass in on $ext_if inet proto { tcp, udp } from XXX.XXX.XXX.XXX to 192.168.0.228 port 3306
>>>
>>> Also, add log keywords to the block rules (and optionally to the rules
>>> above) and use
>>>
>>> # tcpdump -neti pflog0
>>>
>>> to see what is happening.
>>>
>>> Cheers
>>> Zé
>>>
>>>
>>
>
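The rule set below is an added example written for this page, not Tony's or Zé's configuration. It puts Zé's two-rule approach (a `match ... rdr-to` for the translation, a separate `pass` restricted to the allowed source) into a complete pf.conf fragment with logging on the block rules so `pflog0` shows what is dropped. Interface names, the internal host 192.168.0.228 and port 3306 are taken from the thread; the `<db_clients>` table and the 203.0.113.10 address in it are placeholders you replace with the real remote client.

```pf
# Added example (not from the thread): forward TCP/UDP 3306 on the external
# interface to an internal database host, but only for listed remote clients.
ext_if = "re0"
int_if = "sk0"
db_srv = "192.168.0.228"

# Hypothetical table of remote hosts allowed to reach the database.
# 203.0.113.10 is a documentation-range placeholder; put the real client here.
table <db_clients> { 203.0.113.10 }

set skip on lo

# Outbound NAT for the LAN, as in the original rule set.
match out on egress inet from !(egress) to any nat-to (egress:0)

# Drop spoofed packets first; logged so they show up on pflog0.
antispoof log quick for $ext_if inet

# Default deny on the external interface.  No "quick" here: pf uses the
# last matching rule, so the pass rules further down win when they match.
block in log on $ext_if all

# Step 1: translate inbound 3306 on the external address to the internal host.
# A match rule only rewrites the destination; it never passes anything.
# ($ext_if) in parentheses is re-read at run time, so the rule keeps
# working if the external address changes (DHCP), unlike a bare $ext_if,
# which is resolved once when the rule set is loaded.
match in on $ext_if inet proto { tcp, udp } to ($ext_if) port 3306 rdr-to $db_srv

# Step 2: the pass rule is written against the *translated* destination,
# and only the listed clients may reach it.  "log" records accepted
# connections too, which makes it easy to confirm which source IP arrives.
pass in log on $ext_if inet proto { tcp, udp } from <db_clients> to $db_srv port 3306

# Let replies and LAN traffic through (as in the original rule set).
pass out quick keep state
pass in quick on $int_if keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and confirm the table contents with `pfctl -t db_clients -T show`. If the client still cannot connect, the two tcpdump invocations from the thread tell the two halves of the story: `tcpdump -nti re0 port 3306` shows the source address the connection attempts really arrive from (which is what a NAT or proxy on the client's side would change), and `tcpdump -neti pflog0` shows whether those packets were dropped by the block rule or accepted by the pass rule. A connection that appears on re0 from an address other than the one in `<db_clients>` is the symptom Zé describes; a connection that never appears on re0 at all is a problem upstream of this firewall.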
