[Solved] rdr-to syntax error

src386

Hi everyone,
I'm currently trying to redirect port 3000 on external interface to port 22 on a specific target.
Here is my line in pf.conf:
Code:
pass in quick on $ext_inf inet6 proto tcp from any to any port 3000 rdr-to $target port 22
But pfctl returns:
Code:
/etc/pf.conf:32: syntax error
I do not understand why it is not working, can you help me?
Thanks
 

junovitch@

Re: rdr-to syntax error

I think you are mixing newer OpenBSD style PF syntax with the older FreeBSD style. There's no mention of the keyword rdr-to in FreeBSD's pf.conf(5). I think this is what you would be looking for.

Code:
rdr pass quick on $ext_inf inet6 proto tcp from any to any port 3000 -> $target port 22

If that's not quite it, take a look at the pf.conf(5) page to get you in the right direction.
 
src386

Re: rdr-to syntax error

Thank you, I admit I was reading OpenBSD documentation...
The correct syntax seems to be:
Code:
rdr pass on $ext_inf inet6 proto tcp from any to any port 3000 -> $target port 22
However, I get the following error:
Code:
/etc/pf.conf:32: Rules must be in order: options, normalization, queueing, translation, filtering
I don't get it; I checked the man page:
Code:
If the pass modifier is given, packets matching the translation rule are
passed without inspecting the filter rules:

    rdr pass on $ext_if proto tcp from any to any port 80 -> 127.0.0.1 \
          port 8080
That should work :q
Maybe pf expects some NAT rules?
 

SirDice

Re: rdr-to syntax error

The order must always be:
  • NAT rules
  • rdr rules
  • pass/block rules

So move your rdr rule above any pass/block rules you may have.
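
Added example (not part of the thread and not pf's own parser): a small Python linter for the two problems discussed above, OpenBSD-style `rdr-to` keywords and translation rules placed after filter rules. The function name `lint_pf_conf`, the keyword table and the sample ruleset are assumptions made for illustration, and the sample address is a documentation-range placeholder.

```python
import re

# Section order enforced by pfctl, as listed in the error message quoted above.
SECTIONS = ["options", "normalization", "queueing", "translation", "filtering"]
KEYWORDS = {"set": 0, "scrub": 1, "altq": 2, "queue": 2,
            "nat": 3, "rdr": 3, "binat": 3, "nat-anchor": 3,
            "rdr-anchor": 3, "binat-anchor": 3,
            "pass": 4, "block": 4, "antispoof": 4, "anchor": 4}
# Newer OpenBSD translation keywords that the FreeBSD pf in this thread rejects.
OPENBSD_ONLY = re.compile(r"\b(rdr-to|nat-to|binat-to)\b")

def lint_pf_conf(text):
    """Return [(line_number, message)] for ordering and syntax-style problems."""
    findings, highest, pending, start = [], 0, "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()      # naive comment stripping
        if not pending:
            start = number                        # first line of this rule
        if line.endswith("\\"):                   # rule continues on next line
            pending += line[:-1] + " "
            continue
        rule, pending = (pending + line).strip(), ""
        if not rule:
            continue
        if OPENBSD_ONLY.search(rule):
            findings.append((start, "OpenBSD-style keyword, use 'rdr ... -> ...'"))
            continue
        words = rule.split()                      # "no nat"/"no rdr" count too
        key = words[1] if words[0] == "no" and len(words) > 1 else words[0]
        index = KEYWORDS.get(key)
        if index is None:                         # macro, table, include, ...
            continue
        if index < highest:
            findings.append((start, f"{SECTIONS[index]} rule after "
                                    f"{SECTIONS[highest]} rule"))
        highest = max(highest, index)
    return findings

# Constructed sample ruleset (not from the thread).
SAMPLE = """\
set skip on lo0
block in all
rdr pass on em0 inet6 proto tcp from any to any port 3000 -> 2001:db8::10 port 22
pass in quick on em0 inet6 proto tcp from any to any port 3000 rdr-to 2001:db8::10 port 22
"""

if __name__ == "__main__":
    for lineno, message in lint_pf_conf(SAMPLE):
        print(f"line {lineno}: {message}")
```

This is a heuristic pre-check only; `pfctl -n -f /etc/pf.conf` remains the authoritative parse without loading the ruleset.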
 