PF redirection from a port to another

JeyDee

New Member

Hi there,
I'm too new to BSD and pf, so I can't accomplish the following task and am receiving a generic "syntax error", maybe because of the tables or macros. Here's the scenario: a server in the DMZ with unbound (serving as a resolver for the other machines in the DMZ) and NSD (authoritative for an Internet domain). To make this work I configured NSD to listen on a different port, say 53535. I want pf to block all traffic:
1) except for ssh from the internal networks (DMZ, LAN);
2) permit resolving requests from the DMZ to port 53 (unbound);
3) all traffic coming from the external firewall to port 53 is redirected to port 53535.

Any help? Thanks
 

SirDice

Administrator, Staff member, Moderator

> all traffic coming from external firewall to port 53 redirected to port 53535.
Run the service on the correct port. Don't resort to silly constructs like this.
 

Zirias

Aspiring Daemon

> Run the service on the correct port. Don't resort to silly constructs like this.
Still, an answer would be helpful, as there are scenarios that require such functionality, e.g. making the same service on different hosts available to the outside world through IPv4 NAT.

Anyway, it might be helpful to see what has been tried before. In general, an rdr rule ending with -> <host> port 53535 should do the trick.
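For reference, here is a complete pf.conf that implements the three requirements from the original post with the rdr construct described above. This is an added example, not a ruleset posted in the thread; the interface name, the network addresses and the firewall address are assumptions and must be replaced. Two things commonly trip up a first ruleset of this kind: pfctl requires translation rules (nat/rdr) to appear before the filter rules, and on FreeBSD's pf the filter rules see the packet after translation, so a plain pass rule for the redirected traffic would have to match port 53535 rather than port 53. Using rdr pass avoids that second pitfall.

```pf
# /etc/pf.conf -- added example, not from the thread.
# Assumptions (replace with your own values):
#   - this host has one interface in the DMZ, vtnet0
#   - the external firewall's DMZ-side address is 10.0.1.1 and it forwards
#     Internet DNS queries to this host with its own address as source
#   - NSD listens on 127.0.0.1 port 53535 (nsd.conf: ip-address: 127.0.0.1 and port: 53535)
#   - unbound listens on the DMZ address, port 53

dmz_if   = "vtnet0"
dmz_net  = "10.0.1.0/24"
lan_net  = "10.0.0.0/24"
ext_fw   = "10.0.1.1"
nsd_port = "53535"

# Networks allowed to ssh in. Macros may be used inside a table definition.
table <internal> const { $dmz_net, $lan_net }

set skip on lo0
scrub in all

# Translation rules must come before filter rules, or pfctl reports
# "Rules must be in order: options, normalization, queueing, translation, filter".
# 3) DNS from the external firewall to our port 53 goes to NSD on 53535.
#    "rdr pass" also passes the translated packet, so no separate pass
#    rule for port 53535 is needed.
rdr pass on $dmz_if inet proto { tcp, udp } from $ext_fw to ($dmz_if) port 53 -> 127.0.0.1 port $nsd_port

# Default deny; replies and our own outbound traffic (including unbound's
# recursive queries) are handled by state.
block in log all
pass out on $dmz_if inet keep state

# 1) ssh only from the internal networks
pass in on $dmz_if inet proto tcp from <internal> to ($dmz_if) port ssh

# 2) recursive resolving from the DMZ to unbound on port 53.
#    Queries from $ext_fw never reach this rule: translation is evaluated
#    first, so they were already matched by the rdr rule above.
pass in on $dmz_if inet proto { tcp, udp } from $dmz_net to ($dmz_if) port domain
```

Check the ruleset with pfctl -nf /etc/pf.conf before loading it; pfctl -vnf prints the rules with macros and tables expanded, which is the quickest way to locate a macro or table error. If the external firewall forwards Internet queries without rewriting the source address, the queries arrive from arbitrary Internet addresses and the rdr rule should match from ! <internal> instead of from $ext_fw; as written, the firewall's own lookups against this host would also land on NSD.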
 

SirDice

Administrator, Staff member, Moderator

Bind NSD to the external address, bind unbound to the local address. There's rarely a need for silly constructs like that. If you do appear to need it, you're doing something wrong and may need to review what you're trying to accomplish.
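What the address-based layout suggested above looks like as a pf ruleset, added here as an example and not taken from the thread: NSD and unbound each bind to their own address on the DMZ interface, both on the standard port 53, and pf filters purely on destination address, so no redirection is involved. The interface name and addresses are assumptions; the second address is an alias on the same interface (rc.conf: ifconfig_vtnet0_alias0="inet 10.0.1.54/32"), NSD is bound with ip-address: 10.0.1.53 in nsd.conf and unbound with interface: 10.0.1.54 in unbound.conf.

```pf
# /etc/pf.conf -- added example of the no-redirection layout, not from the thread.
# Assumptions (replace with your own values):
#   - vtnet0 carries two addresses: 10.0.1.53 (NSD) and 10.0.1.54 (unbound)
#   - nsd.conf:     ip-address: 10.0.1.53      (port 53, the default)
#   - unbound.conf: interface: 10.0.1.54       (port 53, the default)
#   - the external firewall forwards Internet queries to 10.0.1.53

dmz_if       = "vtnet0"
dmz_net      = "10.0.1.0/24"
lan_net      = "10.0.0.0/24"
nsd_addr     = "10.0.1.53"
unbound_addr = "10.0.1.54"

table <internal> const { $dmz_net, $lan_net }

set skip on lo0
scrub in all

# Default deny; replies and our own outbound traffic are handled by state.
block in log all
pass out on $dmz_if inet keep state

# 1) ssh from the internal networks; ($dmz_if) expands to every address
#    on the interface, so both 10.0.1.53 and 10.0.1.54 are covered.
pass in on $dmz_if inet proto tcp from <internal> to ($dmz_if) port ssh

# 2) recursive queries from the DMZ only, and only to the resolver address
pass in on $dmz_if inet proto { tcp, udp } from $dmz_net to $unbound_addr port domain

# 3) authoritative queries from anywhere (they arrive via the external
#    firewall), and only to the NSD address. No rdr and no second port.
pass in on $dmz_if inet proto { tcp, udp } from any to $nsd_addr port domain
```

Verify with sockstat -4l -p 53 that each daemon really listens on its own address only; if one of them still binds to 0.0.0.0 the separation exists only in pf. Keep unbound's own access-control list restricted to the DMZ network as well, so the resolver stays closed even if a pf rule is later loosened by mistake.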
 