Hi folks,
I am looking to make one of the jails on my server able to connect to itself using the external IP. So you understand me: I want to access my domain, which points to the server IP, from inside the jail as if I were accessing it from the outside. But I am totally lost. I tried rdr and nat, nothing. I tried to see if a filtering rule was interfering but can't find one.
Here are my PF rules:
Code:
# interface names definition
ext_if = "re0"
webjail="10.10.10.x1"
sqljail="10.10.10.x2"
appjail="10.10.10.x3"
mailjail="10.10.10.x4"
# do not filter loopback
set skip on le0
scrub in all
# map external ip to tomcat
#rdr pass on $ext_if proto tcp from any to $ext_if port 80 -> $ext_if port 8081
#redirect to jailed webserver
rdr pass on $ext_if proto tcp from any to $ext_if port 80 -> $webjail port 80
rdr pass on $ext_if proto tcp from any to $ext_if port 22 -> $appjail port 22
rdr pass on $ext_if proto tcp from any to $ext_if port 51413 -> $appjail port 51
rdr pass on $ext_if proto udp from any to $ext_if port 51413 -> $appjail port 51
#rdr pass on lo1 proto tcp from $webjail to $ext_if port 80 -> $webjail port 80
#move ssl to ssh
rdr pass on $ext_if proto tcp from any to $ext_if port 443 -> $ext_if port 22
rdr pass on $ext_if proto tcp from any to $ext_if port 24 -> $ext_if port 22
#allow jails to see the internet
nat on $ext_if from $webjail to any -> ($ext_if)
nat on $ext_if from $sqljail to any -> ($ext_if)
nat on $ext_if from $appjail to any -> ($ext_if)
nat on $ext_if from $mailjail to any -> ($ext_if)
#block in all
pass out all
#pass in all
block drop in on $ext_if from any to any
# slow down crackers
block quick from <bruteforce>
# let outside traffic pass
#let computer at work get in
pass in quick on $ext_if from x.x.x.x to any
# permit external SSH access / take away bruteforcers
pass in quick on $ext_if proto tcp from any to $ext_if port 22 flags S/SA keep state (max-src-conn 10, max-src-conn-rate 4/10, overload <bruteforce> flush global)