Solved [Solved] rdr-to syntax error

[src386]

Hi everyone,
I'm currently trying to redirect port 3000 on external interface to port 22 on a specific target.
Here is my line in pf.conf:

pass in quick on $ext_inf inet6 proto tcp from any to any port 3000 rdr-to $target port 22

Buf pfctl returns :

/etc/pf.conf:32: syntax error

I do not understand why it does not working, can you help me ?
Thanks

 

[junovitch@]

Re: rdr-to syntax error

I think you are mixing newer OpenBSD style PF syntax with the older FreeBSD style. There's no mention of the keyword rdr-to in FreeBSD's pf.conf(). I think this is what you would be looking for.

rdr pass quick on $ext_inf inet6 proto tcp from any to any port 3000 -> $target port 22

If that's not quite it, take a look at the pf.conf() page to get you in the right direction.

 

[src386]

Re: rdr-to syntax error

Thank you, I admit I was reading OpenBSD documentation...
The correct syntax seems to be :

rdr pass on $ext_inf inet6 proto tcp from any to any port 3000 -> $target port 22

However I get the following error :

/etc/pf.conf:32: Rules must be in order: options, normalization, queueing, translation, filtering

I don't get it, I checked on manpage :

If	the pass modifier is given, packets matching the translation rule are
     passed without inspecting the filter rules:

     rdr pass on $ext_if proto tcp from	any to any port	80 -> 127.0.0.1	\
	   port	8080

That should work :q
Maybe pf expects some NAT rules ??

 

[SirDice]

Re: rdr-to syntax error

The order must always be:

• NAT rules
• rdr rules
• pass/block rules

So move your rdr rule above any pass/block rules you may have.

 

[src386]

Re: rdr-to syntax error

It works.
Thank you.