Building the Network You Need with OpenBSD's PF: EuroBSDCon, St. Julian's, September 26th 2013 | ||
---|---|---|
Prev | Next |
If routable addresses are not available, you
select an appropriate RFC1918 address range
edit your webserver, emailserver
add appropriate redirections
match in on $ext_if proto tcp to $ext_if port $webports rdr-to $webserver match in on $ext_if proto tcp to $ext_if port $email rdr-to $emailserver
or combined
pass in on $ext_if inet proto tcp to $ext_if port $webports rdr-to $webserver pass in on $ext_if inet proto tcp to $ext_if port $email rdr-to $mailserver
Pre-4.7:
rdr on $ext_if proto tcp from any to $ext_if port \ $webports -> $webserver rdr on $ext_if proto tcp from any to $ext_if port \ $email -> $emailserver
segment off your DMZ, introduce address pools