Re: NPF port forward

To: netbsd-users%netbsd.org@localhost
Subject: Re: NPF port forward
From: William Ross <williamrossmbsw%gmail.com@localhost>
Date: Sat, 19 Jan 2013 10:37:53 +0000

On 19 January 2013 02:49, Mindaugas Rasiukevicius <rmind%netbsd.org@localhost> 
wrote:
>
> When the additional "pass <...>" filter criteria is used, it means you
> are going to specify the criteria explicitly, therefore NPF will not do
> that for you implicitly and the segment on the right-hand side is actually
> ignored.
>
> Try:
>
> map pcn0 dynamic 127.0.0.1 port 3890 <- 0.0.0.0 \
>     pass from 10.0.0.53 to $rdr_ip port 389
>
Yes, that works perfectly thank you.

So to test my understanding, looking back at my original rule:
map pcn0 dynamic 127.0.0.1 port 3890 <- pcn0 pass from 10.0.0.53 port 389
on the right-hand-side pcn0 is ignored (because a pass <...> block
follows), it would then match packets with a _source_ IP:port of
10.0.0.53:389 and _any_ destination IP:port (because the 'to'
specification was omitted).

Will

Follow-Ups:
- Re: NPF port forward
  - From: Mindaugas Rasiukevicius

References:
- NPF port forward
  - From: William Ross
- Re: NPF port forward
  - From: Mindaugas Rasiukevicius
- Re: NPF port forward
  - From: Mindaugas Rasiukevicius

Prev by Date: Re: NPF port forward
Next by Date: Re: minimally non-encrypted cgd setup?
Previous by Thread: Re: NPF port forward
Next by Thread: Re: NPF port forward
Indexes:

Home | Main Index | Thread Index | Old Index