OK, I know that I must be missing something simple again. (Like the last thread I posted when I had trouble - 3-4 pages and several hours later, I discovered I'd mis-typed an IP address.) I'm guessing that something like this is happening here, but I've checked all the addresses and port numbers several times. I also tried removing all the variables and hard-coding the interfaces, but to no avail.
Basically, I want to forward a port through my firewall to a machine behind the NAT.
According to the pf documentation I found, the following should cause the firewall to allow somebody to connect to port 50000 on the FreeBSD box and behave as if you're connecting to port 80 on 192.168.100.20 behind the NAT. nfe0 is my external interface and rl0 is the internal.
Code:
rdr on nfe0 proto tcp from any to any port 50000 -> 192.168.100.20 port 80
When connecting to port 80 of 192.168.100.20 from the FreeBSD box, I can fetch html normally. Connecting to port 50000 of the FreeBSD box results in an immediate connection refused error.
I've even added the following, but since nothing is listening on port 50000, the connection just times out.
Code:
pass in on nfe0 inet proto tcp from any to any port 50000 flags S/SA keep state
Any ideas?
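
An added example, not part of the original post: in pf, `rdr` translation is applied before the filter rules are evaluated, so a `pass` rule has to match the translated destination (192.168.100.20 port 80) rather than port 50000. The interface names and addresses are the ones from the post; the macros, the narrowed `rdr` destination and the `pass out` rule are assumptions for a ruleset with a default block policy.

```conf
# pf.conf fragment (added example, not the poster's ruleset)
ext_if = "nfe0"            # external interface, from the post
int_if = "rl0"             # internal interface, from the post
web    = "192.168.100.20"  # host behind the NAT, from the post

# Translation: rewrite the destination of inbound TCP/50000 to the
# internal web server. Matching on ($ext_if) instead of "any" limits
# the redirect to traffic addressed to the firewall's own external IP.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 50000 -> $web port 80

# Filtering: by the time these rules run, the packet's destination is
# already $web port 80, so a rule written for port 50000 never matches.
pass in on $ext_if inet proto tcp from any to $web port 80 flags S/SA keep state

# Assumption: with a default "block" policy the forwarded packet must
# also be allowed out of the internal interface.
pass out on $int_if inet proto tcp from any to $web port 80 flags S/SA keep state

# Testing note: a connection opened on the firewall itself does not
# arrive inbound on nfe0, so the rdr rule is not applied to it.
# Test from a host on the external side of nfe0.
```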