I have a vnet jail assigned to the DMZ IP and would like to forward traffic pointing to a specific port to a virtual machine running on the host.
The virtual machine's IP is 192.168.100.106 and a webserver is running on port 8080.
This jail's IP is 192.168.100.200 and telnet 192.168.100.106 8080 from it returns the expected result. The problem is when I try to access from outside. I must add I can point to the ssh port without issues from the outside.
Code:
ext_if="epair11b"
#set skip on lo0
rdr pass log on $ext_if proto { tcp } from any to any port 8086 -> 192.168.100.106 port 8080
#block all
pass quick proto tcp from any to 192.168.100.200 keep state
pass in proto { tcp udp } to port { 8086 8080 }
pass out proto { tcp udp } to port { 22 53 80 123 443 8080 8086 }
pass out inet proto icmp icmp-type { echoreq }
Code:
root@honeypot:/ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
	groups: pflog
epair11b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:53:5e:fd:5c:0b
	inet 192.168.100.200 netmask 0xffffff00 broadcast 192.168.100.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>