PF framing simple rule

ravinew1


I am new to firewalls. For the past three months, I have worked on OpenBSD and written a few rules.
Now I have started exploring the FreeBSD firewall deployed with pfSense. Through pfSense, I configured
an inbound rule using rdr, given below.
--
The rule written in pfsense:
"rdr on em0 proto tcp from any to 10.182.1.240 port 8080 -> 192.168.56.42"
--
But it is not working.

My request is: how can I write a rule which can pass internet traffic to an internal machine?

Internal network address:
--------------------------
1) 1.1) em1 = 192.168.56.40/24
   1.2) internal machine address: 192.168.56.42; on this, one service is running on port 8080
External address:
------------------
2) em0 = 10.182.1.240/24

Question:
----------
How can I write nat and rdr rules to pass traffic from external to internal using the above IP addresses?
 

Eric A. Borisch


Try adding ‘pass’ between ‘rdr’ and ‘on’. Otherwise you need to ensure your other rules permit the redirected traffic flow after the address change is applied.
 
ravinew1

Hi all,

I created a simple pf.conf file which contains the following two rules:

Step 1
-------
pf.conf file
---------------
set skip on pfsync0
# NAT Inbound Redirects
rdr pass on em0 proto tcp from any to 10.182.1.240 port 8080 -> 192.168.56.42


Here,
1) 10.182.1.240 is the IP of the external interface em0,
2) 192.168.56.40 is the IP of the internal interface em1, and
3) 192.168.56.42 is the IP of one of the internal machines.

Step 2
-------
1. Loaded them using the following command:
pfctl -f pf.conf

Step 3
-------
1. Executed pfctl -sr to see the loaded rules, but nothing is displayed. It means no rules are loaded.

Please guide me on how to write rules for redirecting traffic from the em0 to the em1 device.
Thank you
 
ravinew1

It is urgent. Can you help me?
Apart from this, can anyone suggest a link which describes the configuration of a firewall for sending traffic from an external network to an internal network?
 

Eric A. Borisch


Have you asked on a pfsense forum? There may be some differences I’m unaware of.

To see rdr rules, you need to show the translation table, not the filtering table: pfctl -s nat
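
Added example, not part of any post in this thread: a pf.conf sketch for the addresses given above, showing the two alternatives from the first reply ("rdr pass" versus plain "rdr" plus a filter rule that permits the translated flow). The macro names and the block/pass policy are assumptions for illustration.

```pf
# Constructed example for the addresses in this thread (FreeBSD pf syntax).
# Macro names are illustrative, not taken from the original posts.
ext_if   = "em0"            # external interface, 10.182.1.240/24
int_if   = "em1"            # internal interface, 192.168.56.40/24
ext_addr = "10.182.1.240"
web_host = "192.168.56.42"  # internal machine with the service on port 8080

set skip on lo0

# --- Translation rules (listed by: pfctl -s nat) ---
# Outbound NAT for connections the internal network opens to the outside.
nat on $ext_if inet from $int_if:network to any -> ($ext_if)

# Option A: "rdr pass" translates and passes in one step. It creates no
# filter rule, so "pfctl -s rules" lists nothing for it.
# rdr pass on $ext_if inet proto tcp from any to $ext_addr port 8080 -> $web_host port 8080

# Option B: plain "rdr" only rewrites the destination address; the filter
# rules below must then allow the redirected packet.
rdr on $ext_if inet proto tcp from any to $ext_addr port 8080 -> $web_host port 8080

# --- Filter rules (listed by: pfctl -s rules) ---
# Drop and log everything else arriving on the external interface.
block in log on $ext_if all
# Translation is applied before filtering, so the pass rule matches the
# translated (internal) destination, limited to the one forwarded port.
pass in on $ext_if inet proto tcp from any to $web_host port 8080 flags S/SA keep state
```

Check the file with `pfctl -nf pf.conf` before loading it with `pfctl -f pf.conf`, then confirm the result with `pfctl -s nat` for the translation rules and `pfctl -s rules` for the filter rules.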
 