Network layout:
Code:
Internet <--> SDLS Modem <--> FreeBSD 6.2 <--> Lan (192.168.0.0/24)
(217.29.xx.xx, 192.168.0.xx)
The task is to forward incoming traffic from outside on ports 80/443 inward to the web server...
that works..
But I can't get traffic from 192.168.0.0/24 going to the external address 217.29.xx.xx on ports 80/443 redirected.
pf is used on the gateway.
Its config:
Code:
ext_if = "tun0"
int_if = "xl0"
lan = "192.168.0.0/24"
ext_addr = "217.29.xx.xx"
int_addr = "192.168.0.xx"
router = "192.168.0.yy"
nat on $ext_if from $lan to any -> $ext_addr
## redirection
rdr pass on $int_if proto tcp from $lan to $ext_addr/32 port http tag INT_HTTP -> $router port https
rdr pass on $int_if proto tcp from $lan to $ext_addr/32 port https tag INT_HTTPS -> $router port https
rdr pass on $ext_if proto tcp from any to $ext_addr/32 port http tag EXT_HTTP -> $router port http
rdr pass on $ext_if proto tcp from any to $ext_addr/32 port https tag EXT_HTTPS -> $router port https
## Allow
pass in quick on $int_if proto tcp from $lan to $ext_addr port=http tagged INT_HTTP flags S/SA synproxy state
pass in quick on $int_if proto tcp from $lan to $ext_addr port=https tagged INT_HTTPS flags S/SA synproxy state
pass in quick on $ext_if proto tcp from any to $ext_addr port=http tagged EXT_HTTP flags S/SA synproxy state
pass in quick on $ext_if proto tcp from any to $ext_addr port=https tagged EXT_HTTPS flags S/SA synproxy state
tcp Out 192.168.0.tt:4586 192.168.0.yy:443 SYN_SENT:CLOSED 00:00:38 00:00:01 3 144
tcp Out 192.168.0.tt:4590 192.168.0.yy:443 SYN_SENT:CLOSED 00:00:10 00:00:29 3 144
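
A common cause of `SYN_SENT:CLOSED` states in a layout like this is that the redirect target answers the LAN client directly, bypassing the gateway, so the client never gets a reply from the address it connected to. The fragment below is an added example, not part of the original post: it follows the "RDR and NAT combination" approach from the PF FAQ and reuses the post's macros. That this is the cause here, and the `keep state` filter rules, are assumptions.

```conf
# Added example (not from the original post): NAT reflection for LAN clients.
# Macros reuse the post's placeholders; substitute the real addresses.
ext_if   = "tun0"
int_if   = "xl0"
lan      = "192.168.0.0/24"
ext_addr = "217.29.xx.xx"
int_addr = "192.168.0.xx"     # gateway's own LAN address
router   = "192.168.0.yy"     # redirect target in the post

# --- translation ---
# Outbound NAT to the Internet, as in the post.
nat on $ext_if from $lan to any -> $ext_addr

# Leave connections the gateway itself opens towards the LAN untranslated.
no nat on $int_if proto tcp from $int_addr to $lan

# Reflection, source side: when a redirected LAN connection leaves xl0 again,
# rewrite its source to the gateway so the reply comes back through pf.
# Caveat: the web server then logs the gateway address for all LAN clients.
nat on $int_if proto tcp from $lan to $router port { http, https } -> $int_addr

# Reflection, destination side: LAN clients that dial the external address.
# No port after the target, so the original port is preserved.
rdr on $int_if proto tcp from $lan to $ext_addr port { http, https } -> $router

# Connections arriving from the Internet.
rdr on $ext_if proto tcp from any to $ext_addr port { http, https } -> $router

# --- filtering ---
# Filter rules see the destination after rdr, so they match on $router.
pass in  on $ext_if proto tcp from any  to $router port { http, https } flags S/SA keep state
pass in  on $int_if proto tcp from $lan to $router port { http, https } flags S/SA keep state
pass out on $int_if proto tcp from any  to $router port { http, https } flags S/SA keep state
```

With rules like these loaded, `pfctl -ss` should show the reflected connection as two states on `xl0`, one inbound from the client and one outbound with the gateway's LAN address as the source.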