NetBSD-Users archive
Re: NPF port forward
William Ross <williamrossmbsw%gmail.com@localhost> wrote:
> On 17 January 2013 23:41, Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
> wrote:
>
> > You probably want the following:
> >
> > $rdr_ip = "pcn0" # or $rdr_ip = inet4(pcn0) on the latest netbsd-6 kernel
> > map pcn0 dynamic 127.0.0.1 port 3890 <- $rdr_ip port 389
> >
>
> That would redirect all traffic coming into the machine on port 389, to
> port 3890. I only want to redirect traffic from one machine (10.0.0.53) to
> the service on port 3890, leaving all other machines to access the service
> on port 389.

When the additional "pass <...>" filter criteria are used, it means you
are going to specify the criteria explicitly, therefore NPF will not do
that for you implicitly and the segment on the right-hand side is actually
ignored. In such a case the criteria have to be full, i.e. you should filter
on the source *and* the destination (otherwise it will redirect all traffic
to that single port). Perhaps it looks a little bit confusing, but the
"pass <...>" syntax is exactly the same as that of a regular rule. Try:

    map pcn0 dynamic 127.0.0.1 port 3890 <- 0.0.0.0 \
        pass from 10.0.0.53 to $rdr_ip port 389

--
Mindaugas
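
The matching behaviour described in the reply above, as an added Python model (not NPF code and not part of the original message). It compares the implicit rule, a "pass" filter that names only the source, and the full source-and-destination filter. The address 192.0.2.1 for pcn0, the sample packets and all class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

RDR_IP = "192.0.2.1"  # constructed stand-in for the address of pcn0 ($rdr_ip)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Criteria:
    """Filter fields; None means 'any' (hypothetical model, not NPF's types)."""
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return all(want is None or want == got for want, got in
                   ((self.src, p.src), (self.dst, p.dst), (self.dport, p.dport)))

@dataclass(frozen=True)
class MapRule:
    target: tuple                        # (ip, port) left of "<-"
    rhs: Criteria                        # segment right of "<-"
    explicit: Optional[Criteria] = None  # the "pass ..." criteria, if given

    def translate(self, p: Packet) -> Packet:
        # With explicit criteria the right-hand segment is ignored entirely.
        crit = self.explicit if self.explicit is not None else self.rhs
        return Packet(p.src, *self.target) if crit.matches(p) else p

TARGET = ("127.0.0.1", 3890)
IMPLICIT = MapRule(TARGET, Criteria(dst=RDR_IP, dport=389))
SOURCE_ONLY = MapRule(TARGET, Criteria(dst="0.0.0.0"), Criteria(src="10.0.0.53"))
FULL = MapRule(TARGET, Criteria(dst="0.0.0.0"),
               Criteria(src="10.0.0.53", dst=RDR_IP, dport=389))

# Constructed sample traffic arriving on pcn0.
PACKETS = [Packet("10.0.0.53", RDR_IP, 389),   # the one client, port 389
           Packet("10.0.0.53", RDR_IP, 22),    # same client, another service
           Packet("10.0.0.99", RDR_IP, 389)]   # a different client

def ports_after(rule: MapRule) -> list:
    """Destination port of each sample packet after the rule is applied."""
    return [rule.translate(p).dport for p in PACKETS]

if __name__ == "__main__":
    for name, rule in (("implicit", IMPLICIT), ("source only", SOURCE_ONLY), ("full", FULL)):
        print(f"{name:12} {ports_after(rule)}")
```

In this model only the full filter leaves the client's port 22 traffic and the other client's port 389 traffic untouched.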