Look on www.openbsd.org in the FAQs; there is a very good FAQ on how to implement that, and in OpenBSD support too.

David

2005/9/28, Francisco Valladolid <[EMAIL PROTECTED]>:
> Hi Folks ..
> I had recently installed an OpenBSD 3.8 -current machine, running the in-kernel
> PPPoE implementation (man 4 pppoe). While it connects fine to the internet
> (via ADSL modem) and does NAT correctly, I can't access the internal web server
> from the internet. It runs DynDNS.
> The scenario is the following.
> Internet --------- ADSL --------dc0-- OpenBSD 3.8 fxp0 ----------switch --------- LAN (192.168.0.0/24)
> While I don't have a DMZ yet, I hope to have one shortly.
>
> int_if = "fxp0"
> ext_if = "pppoe0"
>
> tcp_services = "{ 22, 113 }"
> www_server = "192.168.1.100"
> webports = "{http, https}"
>
> # port 80 for www service running
> icmp_types = "echoreq"
>
> #priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
> priv_nets = "{127.0.0.0/8, 192.168.0.0/16}"
>
> # options
> set block-policy return
> set loginterface $ext_if
>
> # scrub
> scrub in all
>
> # scrub for NAT in PPPoE for using max mtu value
> scrub out on pppoe0 max-mss 1440
>
> # nat/rdr
> nat on $ext_if from $int_if:network to any -> ($ext_if)
> rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 \
>     port 8021
>
> # allow access to the HTTP server
> rdr on $ext_if proto tcp from any to any port 80 -> $www_server
>
> #redirect port 3128 to 8 to make squid transparent
> #rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
>
> # filter rules
> block all
>
> pass quick on lo0 all
>
> block drop in quick on $ext_if from $priv_nets to any
> block drop out quick on $ext_if from any to $priv_nets
>
> pass in on $ext_if inet proto tcp from any to ($ext_if) \
>     port $tcp_services flags S/SA keep state
>
> pass in on $ext_if inet proto tcp from any to ($ext_if) \
>     user proxy keep state
>
> #pass everything through squid
>
> # pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
> # pass out on $ext_if inet proto tcp from any to any port www keep state
>
> pass in on $int_if from $int_if:network to any keep state
> pass out on $int_if from any to $int_if:network keep state
>
> pass out on $ext_if proto tcp all modulate state flags S/SA
> pass out on $ext_if proto { udp, icmp } all keep state
>
> #
>
> pass in on $ext_if proto tcp from any to $www_server port 80 \
>     flags S/SA synproxy state
>
> Now, the www server (apache) located at 192.168.1.100 does not work.
>
> Any suggestions?
>
> Regards.
>
> --
> ---
> BSD - Unix simplicity.
> Francisco Valladolid Hdez.
> [EMAIL PROTECTED]
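
A consistency check for a ruleset like the quoted one, as an added example that is not part of the original thread: it resolves each `rdr` target and reports any non-loopback target that falls outside the LAN prefix. The excerpt is constructed from the quoted macros and `rdr` lines, and the LAN prefix is an assumption taken from the poster's diagram; `off_lan_targets` and the other function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: macro and rdr lines copied from the quoted pf.conf.
PF_CONF = '''
int_if = "fxp0"
ext_if = "pppoe0"
www_server = "192.168.1.100"
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port 80 -> $www_server
'''

# Assumption: the LAN prefix is the one drawn in the poster's diagram.
LAN_NETS = ["192.168.0.0/24"]

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')
RDR_RE = re.compile(r'^\s*rdr\b.*->\s*(\S+)')  # commented-out rules do not match


def parse_macros(text):
    """Return {name: value} for simple quoted macro definitions."""
    macros = {}
    for line in text.splitlines():
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
    return macros


def rdr_targets(text):
    """Yield (rule, resolved target address) for each active rdr rule."""
    macros = parse_macros(text)
    for line in text.splitlines():
        m = RDR_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith("$"):
            target = macros.get(target[1:], target)
        yield line.strip(), ipaddress.ip_address(target)


def off_lan_targets(text, lan_nets):
    """Return rdr rules whose non-loopback target is outside every LAN prefix."""
    nets = [ipaddress.ip_network(n) for n in lan_nets]
    return [(rule, str(addr)) for rule, addr in rdr_targets(text)
            if not addr.is_loopback and not any(addr in n for n in nets)]


if __name__ == "__main__":
    for rule, addr in off_lan_targets(PF_CONF, LAN_NETS):
        print(f"{addr} is outside {LAN_NETS}: {rule}")
```

A reported target is one that `pass out on $int_if from any to $int_if:network` would not cover if the interface really carries the diagram's prefix, so the redirected packet would fall through to `block all`.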

