Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016 | ||
---|---|---|
Prev | Next |
If routable addresses are not available, you
select an appropriate RFC1918 address range
edit your webserver, emailserver
add appropriate redirections
match in on $ext_if proto tcp to $ext_if port $webports rdr-to $webserver match in on $ext_if proto tcp to $ext_if port $email rdr-to $emailserver
or combined
pass in on $ext_if inet proto tcp to $ext_if port $webports rdr-to $webserver pass in on $ext_if inet proto tcp to $ext_if port $email rdr-to $mailserver
Pre-4.7:
rdr on $ext_if proto tcp from any to $ext_if port \ $webports -> $webserver rdr on $ext_if proto tcp from any to $ext_if port \ $email -> $emailserver
segment off your DMZ, introduce address pools