Bug #99
closed
Reflection is broken in 2.0
0%
Description
This is closer than it was, but it still doesn't work. The port in inetd.conf and the one in the rdr don't match. The rdr starts at port 19000 just as 1.2.x does, but inetd.conf adds the actual external port. In this case, it's a port forward on WAN IP 10.0.64.28 port 88, forwarding to internal 192.168.1.199 port 80.
rdr on { em1 } proto tcp from any to 10.0.64.28 port 88 tag PFREFLECT -> 127.0.0.1 port 19000
88 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.199 80
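The mismatch described above can be caught mechanically before a reflector is deployed. The following is an added example, not code from this bug report or from the pfSense project: it parses the two lines quoted above (embedded as constructed input), checks that the pf rdr target port matches the inetd.conf listening port, and also scans whole rule/inetd texts for rdr rules pointing at loopback ports nobody listens on. The regular expressions, the "fixed" inetd line (listening on 19000 instead of 88) and the assumption that a reflector target must be 127.0.0.1 are mine, not the project's.

```python
import re

# Constructed sample input, copied from the two lines quoted in the bug report.
RDR_RULE = ("rdr on { em1 } proto tcp from any to 10.0.64.28 port 88 "
            "tag PFREFLECT -> 127.0.0.1 port 19000")
INETD_LINE = "88 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.199 80"
# Constructed (assumption): the inetd entry the rdr above would actually need,
# listening on the rdr's loopback port instead of the external port.
INETD_LINE_FIXED = "19000 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.168.1.199 80"

# Matches the single rdr rule shape used for reflection in the report.
RDR_RE = re.compile(
    r"^rdr\s+on\s+(?:\{\s*)?(?P<iface>\S+?)(?:\s*\})?\s+proto\s+(?P<proto>\w+)\s+"
    r"from\s+\S+\s+to\s+(?P<ext_ip>\S+)\s+port\s+(?P<ext_port>\d+)"
    r"(?:\s+tag\s+\S+)?\s+->\s+(?P<rdr_ip>\S+)\s+port\s+(?P<rdr_port>\d+)\s*$"
)

# Matches an inetd.conf line that spawns nc as the reflector:
# port socktype proto wait/nowait user program argv0 [options...] dst_ip dst_port
INETD_RE = re.compile(
    r"^(?P<listen_port>\d+)\s+stream\s+(?P<proto>\w+)\s+\S+\s+\S+\s+\S+\s+nc\s+"
    r"(?:-\w+\s+\S+\s+)*(?P<dst_ip>\S+)\s+(?P<dst_port>\d+)\s*$"
)


def parse_rdr(line):
    """Parse one pf rdr line into a dict; raise ValueError for anything else."""
    m = RDR_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a recognised rdr rule: {line!r}")
    d = m.groupdict()
    d["ext_port"] = int(d["ext_port"])
    d["rdr_port"] = int(d["rdr_port"])
    return d


def parse_inetd(line):
    """Parse one nc-based inetd.conf line into a dict; raise ValueError otherwise."""
    m = INETD_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a recognised inetd reflector line: {line!r}")
    d = m.groupdict()
    d["listen_port"] = int(d["listen_port"])
    d["dst_port"] = int(d["dst_port"])
    return d


def check_reflection(rdr_line, inetd_line):
    """Return a list of problems for one rdr/inetd pair; empty means consistent."""
    rdr = parse_rdr(rdr_line)
    ine = parse_inetd(inetd_line)
    problems = []
    if rdr["rdr_port"] != ine["listen_port"]:
        problems.append(f"rdr redirects to port {rdr['rdr_port']} "
                        f"but inetd listens on port {ine['listen_port']}")
    if rdr["proto"] != ine["proto"]:
        problems.append(f"protocol mismatch: rdr {rdr['proto']} vs inetd {ine['proto']}")
    if rdr["rdr_ip"] != "127.0.0.1":  # assumption: reflectors live on loopback
        problems.append(f"rdr target {rdr['rdr_ip']} is not loopback")
    return problems


def unmatched_reflectors(rdr_rules, inetd_conf):
    """Scan whole rule and inetd texts; return (proto, port) of loopback rdr
    targets that have no matching inetd listener. Only rules in the shape
    above are examined; blank lines and comments are skipped."""
    listening = set()
    for line in inetd_conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = INETD_RE.match(line)
        if m:
            listening.add((m.group("proto"), int(m.group("listen_port"))))
    missing = []
    for line in rdr_rules.splitlines():
        line = line.strip()
        if not line.startswith("rdr "):
            continue
        m = RDR_RE.match(line)
        if m and m.group("rdr_ip") == "127.0.0.1":
            key = (m.group("proto"), int(m.group("rdr_port")))
            if key not in listening:
                missing.append(key)
    return missing


if __name__ == "__main__":
    for label, inetd in (("as reported", INETD_LINE), ("corrected", INETD_LINE_FIXED)):
        print(label, "->", check_reflection(RDR_RULE, inetd) or "consistent")
```

Run against the lines from the report the check flags the 19000/88 mismatch; against the corrected inetd line it reports nothing. The second function is the form you would run over a generated rules file and the generated inetd.conf after a reflection change, so that a rdr rule pointing at a loopback port with no listener never reaches a production box.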
Updated by Seth Mos about 15 years ago
- Status changed from New to Feedback
Scott Ullrich wrote:
Surfing into a website results in:
nc [-46DEdhklnrStUuvz] [-e policy] [-i interval] [-P proxy_username] [-p source_port]
Basically no traffic can pass on the firewall.
I made sure the pf rdr rule actually contains the external address as intended in the filter code.
Seems the nat filter generate code didn't include this port forward piece of code.
FTP from behind a 2.0 to a public FTP server works again for me.
Please test
Updated by Ermal Luçi almost 15 years ago
I have done some commits which should fix this.
It even enhanced the rdr rules to specify ranges instead of creating an infinite number of them.
Updated by Chris Buechler almost 15 years ago
- Subject changed from Reflection is badly broken in 2.0 to Reflection is broken in 2.0
- Category changed from Operating System to Rules / NAT
- Status changed from Feedback to New
Closer, still broken. Updated ticket with current status.
Updated by Ermal Luçi almost 15 years ago
- Status changed from New to Feedback
Another fix committed.