miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

monkeys changed syntax in pf
Goto page 1, 2, 3, 4  Next
 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation
View previous topic :: View next topic  
Author Message
BABUT



Joined: 07 Feb 2009
Posts: 13

PostPosted: Thu Sep 03, 2009 8:30 am    Post subject: monkeys changed syntax in pf Reply with quote

..for nat/rdr rules and anchors.

ps: i hate them too ;)
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1391

PostPosted: Fri Sep 04, 2009 9:04 am    Post subject: Re: monkeys changed syntax in pf Reply with quote

BABUT wrote:
..for nat/rdr rules and anchors.

ps: i hate them too Wink

what are you talking about ?
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
BABUT



Joined: 07 Feb 2009
Posts: 13

PostPosted: Fri Sep 04, 2009 11:15 am    Post subject: Reply with quote

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c
now miniupnpd isn't working
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1391

PostPosted: Fri Sep 04, 2009 4:26 pm    Post subject: Reply with quote

BABUT wrote:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c
now miniupnpd isn't working

OK. seems like it would be for OpenBSD 4.7.
It'll be ok for OpenBSD 4.6
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
BABUT



Joined: 07 Feb 2009
Posts: 13

PostPosted: Sun Oct 25, 2009 10:21 pm    Post subject: Reply with quote

changes of pf syntax do not included in 4.6 release. anybody help me save 6 months of my life? ;)
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1391

PostPosted: Sat Mar 06, 2010 8:24 am    Post subject: Reply with quote

I'm currently working to add support for pf rule syntax in OpenBSD 4.7 that is coming...

anybody having some tested RDR rules samples under OpenBSD-current ?
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
BABUT



Joined: 07 Feb 2009
Posts: 13

PostPosted: Sat Mar 06, 2010 8:51 am    Post subject: Reply with quote

i drive current, but my bad english is not possible to understand what you need.
http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man5/pf.conf.5 -it?
http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man4/pf.4 -or it?
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1391

PostPosted: Sat Mar 06, 2010 9:18 am    Post subject: Reply with quote

pf(4) is up to date in the Man, but pf.conf(5) is not. It is dated from May 2009.
example given is
Code:
 rdr on ne3 inet proto tcp to port smtp -> 127.0.0.1 port spamd
, how is the same rule with the new syntax ???
Well in fact I would need to write the rule
Code:
rdr pass on xl1 inet proto udp from any to any port = 12345 label "testing" -> 10.10.42.42 port 54321
with the new syntax
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1391

PostPosted: Sat Mar 06, 2010 9:21 am    Post subject: Reply with quote

BABUT wrote:
i drive current, but my bad english is not possible to understand what you need.
http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man5/pf.conf.5 -it?
http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man4/pf.4 -or it?

If you have some redirection rules, the output of pfctl -srules | grep rdr on your OpenBSD-current could help Smile
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
BABUT



Joined: 07 Feb 2009
Posts: 13

PostPosted: Sat Mar 06, 2010 9:34 am    Post subject: Reply with quote

variant 1:
pass in on $ext proto tcp to (self) port telnet rdr-to $target
pass out on $int proto tcp to $target port telnet
variant 2:
match in on $ext proto tcp to (self) port telnet rdr-to $target
pass in on $ext proto tcp to $target port telnet
pass out on $int proto tcp to $target port telnet
variant 3:
match in on $ext proto tcp to (self) port telnet rdr-to $target tag PASS
pass all tagged PASS
variant 4: ..
..
or it? %)
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1391

PostPosted: Sat Mar 06, 2010 9:39 am    Post subject: Reply with quote

BABUT wrote:
variant 1:
pass in on $ext proto tcp to (self) port telnet rdr-to $target
pass out on $int proto tcp to $target port telnet
variant 2:
match in on $ext proto tcp to (self) port telnet rdr-to $target
pass in on $ext proto tcp to $target port telnet
pass out on $int proto tcp to $target port telnet
variant 3:
match in on $ext proto tcp to (self) port telnet rdr-to $target tag PASS
pass all tagged PASS
variant 4: ..
..
or it? %)

thanks !
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
BABUT



Joined: 07 Feb 2009
Posts: 13

PostPosted: Sat Mar 06, 2010 9:48 am    Post subject: Reply with quote

i use variant 3
match in inet proto tcp from any to (self) port = domain tag PASS rdr-to 127.0.0.1
match in inet proto udp from any to (self) port = domain tag PASS rdr-to 127.0.0.1
match in inet proto tcp from <free> to (self) port = auth tag PASS rdr-to 127.0.0.1
match in inet proto tcp from <free> to (self) port = ntp tag PASS rdr-to 127.0.0.1
match in inet proto udp from <free> to (self) port = ntp tag PASS rdr-to 127.0.0.1
match in on ste0 inet proto udp from 192.168.200.20 to (self) port = snmp tag PASS rdr-to 127.0.0.1
match in on ste0 inet proto udp from 192.168.200.20 to (self) port = snmp-trap tag PASS rdr-to 127.0.0.1
match in on ath0 inet proto udp from 192.168.200.20 to (self) port = snmp tag PASS rdr-to 127.0.0.1
match in on ath0 inet proto udp from 192.168.200.20 to (self) port = snmp-trap tag PASS rdr-to 127.0.0.1
match in inet proto tcp from <local> to (self) port = www tag PASS rdr-to 127.0.0.1
match in inet proto tcp from <local> to (self) port = https tag PASS rdr-to 127.0.0.1
match in on ste0 inet proto udp from 192.168.200.20 to (self) port = syslog tag PASS rdr-to 127.0.0.1
match in on ath0 inet proto udp from 192.168.200.20 to (self) port = syslog tag PASS rdr-to 127.0.0.1
match in inet proto tcp from <free> to (self) port = 3128 tag PASS rdr-to 127.0.0.1
match in inet proto tcp from <local> to (self) port = 3128 tag PASS rdr-to 127.0.0.1
match in on ste0 inet proto tcp from 192.168.200.20 to (self) port = 3401 queue(Q_high_data, Q_high_init) tag PASS rdr-to 127.0.0.1
match in on ste0 inet proto udp from 192.168.200.20 to (self) port = 3401 queue(Q_high_data, Q_high_init) tag PASS rdr-to 127.0.0.1
match in on ath0 inet proto tcp from 192.168.200.20 to (self) port = 3401 queue(Q_high_data, Q_high_init) tag PASS rdr-to 127.0.0.1
match in on ath0 inet proto udp from 192.168.200.20 to (self) port = 3401 queue(Q_high_data, Q_high_init) tag PASS rdr-to 127.0.0.1
match in inet proto udp from <free> to (self) port = 3130 queue(Q_high_data, Q_high_init) tag PASS rdr-to 127.0.0.1
match in inet proto tcp from <free> to (self) port = 2101 queue(Q_high_data, Q_high_init) tag PASS rdr-to 127.0.0.1
match in inet proto tcp from any to (self) port = 6660 queue(Q_high_data, Q_high_init) tag PASS rdr-to 127.0.0.1
match in inet proto tcp from any to 83.234.231.138 port = 3389 tag PASS rdr-to 195.151.6.241 port 3399
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1391

PostPosted: Mon Mar 08, 2010 5:31 pm    Post subject: Reply with quote

I've done some work thanks to Chris Kildau which gave me access to his OpenBSD-current box.
Here is the result : miniupnpd-1.4.20100308.tar.gz

But it still doesnt work for some unknown reason Sad
Maybe adding a rule now doesnt work with DIOCCHANGERULE, only with DIOCADDRULE

If someone wants to have a look, execute ./genconfig.sh, then change to the pf directory, and make. testobsdrdr will fail to add a rule but should properly display rules already set in the anchor "miniupnpd".
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
BABUT



Joined: 07 Feb 2009
Posts: 13

PostPosted: Thu Mar 25, 2010 11:42 pm    Post subject: Reply with quote

may be henning brauer(henning@openbsd.org) help you? ;)
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1391

PostPosted: Fri Mar 26, 2010 9:43 am    Post subject: Reply with quote

Before annoying him, I should do some test on a OpenBSD version that is the same as what will be released as OpenBSD 4.7. (contact me by email if you can provide me that)
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation All times are GMT
Goto page 1, 2, 3, 4  Next
Page 1 of 4

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.