OpenBSD 4.7 and PF with NAT and rdr

[basn]

Hi i just installed a new box with 4.7, i am having trouble getting port redirection to work.
In 4.6 i did:

Code:

rdr pass on $ext_if proto tcp from !<deny_ips> to $ext_if port 3389 -> machine port 3389

That wont work for me now days, so i tried the new versions that i could think of and been reading the Docs but i cant get a grip on it this is the current thing i got in my config:

Code:

pass in on egress inet proto tcp from <known_ips> to (egress) port 3389 rdr-to $machine

The thing is that i get the port filtered if i apply "keep synproxy" i get the port open but msrdp isnt working, what am i doing wrong since i cant seem to figure this out myself? thanks in advance.

[jggimi]

It is unclear to me if you get port forwarding when you do not use TCP Syn Proxy.

Is your egress group using a bridge(4)?

[basn]

ive been troubleshooting abit more and it looks like its the machine that im trying to forward to thats the troublemaker...

[jggimi]

See sections b and c in:

http://www.daemonforums.org/showthread.php?t=596

[wesley]

Hi

Why not take a tour at http://mouedine.net/ruleset47.aspx
It is a good sample to start and understand the PF syntax