On 2004-10-21 at 22:49:14 Matteo Riondato wrote:

> ext_if = "tun0"
> wifi_if = "rl0"
> eth_if = "fxp1"
> wifi_net = "192.168.1.0/27"
> eth_net = "192.168.0.0/29"
> tcp_services = "{ 22, 80, 25, 4660 >< 4683, 6890 >< 6901 }"
> icmp_types = "{ 0, 3, 8, 11 }"
> scrub in all fragment reassemble
> block drop all
> pass quick on lo0 all
> block drop in log quick on ! rl0 inet from 192.168.1.0/24 to any
> block drop in log quick inet from 192.168.1.1 to any
> block drop in quick on ! fxp1 inet from 192.168.0.0/24 to any
> block drop in quick inet from 192.168.0.1 to any
> pass in on tun0 inet proto tcp from any to 82.52.115.76 port = ssh flags S/SA keep state
> pass in on tun0 inet proto tcp from any to 82.52.115.76 port = http flags S/SA keep state
> pass in on tun0 inet proto tcp from any to 82.52.115.76 port = smtp flags S/SA keep state
> pass in on tun0 inet proto tcp from any to 82.52.115.76 port 4660 >< 4683 flags S/SA keep state
> pass in on tun0 inet proto tcp from any to 82.52.115.76 port 6890 >< 6901 flags S/SA keep state
> pass inet proto icmp all icmp-type echorep
> pass inet proto icmp all icmp-type unreach
> pass inet proto icmp all icmp-type echoreq
> pass inet proto icmp all icmp-type timex
> pass in on rl0 inet from 192.168.1.0/27 to any keep state
> pass out on rl0 inet from any to 192.168.1.0/27 keep state
> pass in on fxp1 inet from 192.168.0.0/29 to any keep state
> pass out on fxp1 inet from any to 192.168.0.0/29 keep state
> pass in on rl0 inet from 192.168.1.200 to 192.168.1.1 keep state
> pass out on rl0 inet from 192.168.1.1 to 192.168.1.200 keep state
> pass out on tun0 proto tcp all flags S/SA modulate state
> pass out on tun0 proto udp all keep state
> pass out on tun0 proto icmp all keep state

Hm, so your rules seem to be okay. Am I missing something, or do I not see any NAT rule in there?

Next question is: what happens if you manually run /etc/rc.d/pf start or reload?
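The check the reply asks about, as an added example that is not part of the original message: given the filter rules and the NAT rules as text, it lists private source networks that are passed in on an internal interface but covered by no nat rule on the external one. The filter lines are copied from the quoted ruleset; the nat lines and the function names are constructed for illustration, and the nat line format is assumed to follow `pfctl -sn` output.

```python
import ipaddress
import re

PASS_IN = re.compile(r"^pass in on (\S+) inet from (\S+) to any\b")
NAT = re.compile(r"^nat on (\S+) (?:inet )?from (\S+) to any -> ")

def _net(token):
    """Parse a pf address token; None for tables, macros and other non-literals."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    try:
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None

def unnatted_private_sources(filter_rules, nat_rules, ext_if):
    """Private networks passed in on internal interfaces with no nat rule on ext_if."""
    natted = []
    for line in nat_rules.splitlines():
        m = NAT.match(line.strip())
        if m and m.group(1) == ext_if and _net(m.group(2)) is not None:
            natted.append(_net(m.group(2)))
    missing = []
    for line in filter_rules.splitlines():
        m = PASS_IN.match(line.strip())
        if not m or m.group(1) == ext_if:
            continue  # not a "pass in ... to any" rule, or it is on the external side
        src = _net(m.group(2))
        if src is None or not src.is_private:
            continue
        if not any(src.subnet_of(n) for n in natted) and src not in missing:
            missing.append(src)
    return [str(n) for n in missing]

# Filter lines taken from the quoted ruleset above.
FILTER_RULES = """\
pass in on tun0 inet proto tcp from any to 82.52.115.76 port = ssh flags S/SA keep state
pass in on rl0 inet from 192.168.1.0/27 to any keep state
pass in on fxp1 inet from 192.168.0.0/29 to any keep state
pass in on rl0 inet from 192.168.1.200 to 192.168.1.1 keep state
"""
# Constructed nat lines (not from the message): one covers only the wifi network.
NAT_WIFI_ONLY = "nat on tun0 inet from 192.168.1.0/27 to any -> (tun0) round-robin\n"
NAT_BOTH = NAT_WIFI_ONLY + "nat on tun0 inet from 192.168.0.0/29 to any -> (tun0) round-robin\n"

if __name__ == "__main__":
    for label, nat in (("no nat", ""), ("wifi only", NAT_WIFI_ONLY), ("both", NAT_BOTH)):
        print(label, "->", unnatted_private_sources(FILTER_RULES, nat, "tun0"))
```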