On Mon, Nov 16, 2009 at 11:24 PM, M E <[email protected]> wrote:
>
> hello guys,
> Is there anyone who cares to share an OpenBSD pf configuration with me?
> I am trying to set up a network which will include a demilitarized zone.
> Here is my network scenario:
>
> ext_if -- external interface, connects the firewall to the outside world
> prv_if -- LAN private interface
> dmz_if -- DMZ interface
>
writing one for you :-)
assuming the interfaces are vr0, vr1 and vr2:
# Macros: interface names as assumed above, DMZ hosts as in the original.
prv_if="vr0"
dmz_if="vr1"
ext_if="vr2"
webserver="192.168.1.10"
mailserver="192.168.1.11"
# A table rather than a { } list macro: pf can negate a table (!<t>) but not a list.
table <rfcpriv_nets> const { 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# No filtering on loopback or on the DMZ interface itself: DMZ traffic is
# only filtered where it leaves, on $prv_if or $ext_if.
set skip on { lo0, $dmz_if }

# Translation, in the separate nat/rdr syntax of OpenBSD 4.6 (current in 2009).
nat on $ext_if from $prv_if:network to any -> ($ext_if)
nat on $ext_if from $dmz_if:network to any -> ($ext_if)
# The destination port is kept on redirection, so only the host is named on the
# right-hand side (pfctl rejects a port list there); proto tcp is required for port.
rdr on $ext_if proto tcp from !<rfcpriv_nets> to any port { 80, 443 } -> $webserver
rdr on $ext_if proto tcp from !<rfcpriv_nets> to any port { 25, 110 } -> $mailserver

# Anti-spoofing on the external interface (assumes $ext_if has a public address).
block in quick on $ext_if from <rfcpriv_nets> to any
block out quick on $ext_if from any to <rfcpriv_nets>
# DMZ source addresses never legitimately arrive on the LAN side.
block in quick on $prv_if from $dmz_if:network to any

# Default deny; pass rules keep state by default.
block all
# The LAN may initiate anything, including to the DMZ. Outbound on $prv_if only
# the firewall's own address is allowed, so DMZ hosts cannot open connections
# into the LAN.
pass in on $prv_if from $prv_if:network to any
pass out on $prv_if from $prv_if to any
# Internet to the published DMZ services only: rdr has already rewritten the
# destination, and the match is on destination port, not source port.
pass in on $ext_if proto tcp from any to $webserver port { 80, 443 }
pass in on $ext_if proto tcp from any to $mailserver port { 25, 110 }
# Generic rule first, TCP rule last (last match wins): modulate state only applies to TCP.
pass out on $ext_if from any to any keep state
pass out on $ext_if proto tcp from any to any flags S/SA modulate state
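The same layout in the match/nat-to/rdr-to syntax that OpenBSD 4.7 and later use, as an added example that is not part of the original reply. It keeps the reply's assumed interface names (vr0, vr1, vr2) and DMZ addresses; the only change in policy is that the DMZ interface is filtered rather than skipped, so the DMZ-to-LAN restriction is enforced where that traffic enters instead of on the LAN side's out rule.

```pf
# Added example (not from the original reply): the same DMZ layout in the
# nat-to/rdr-to syntax of OpenBSD 4.7 and later. Interface names and DMZ
# addresses are the ones the reply assumed; $ext_if is assumed to hold a
# public address (otherwise drop the two <rfcpriv_nets> block rules).
prv_if     = "vr0"
dmz_if     = "vr1"
ext_if     = "vr2"
webserver  = "192.168.1.10"
mailserver = "192.168.1.11"
web_ports  = "{ 80, 443 }"
mail_ports = "{ 25, 110 }"
table <rfcpriv_nets> const { 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0

# Translation: match rules only rewrite; the pass/block rules below decide.
match out on $ext_if from { $prv_if:network, $dmz_if:network } nat-to ($ext_if)

# Spoofed sources: antispoof expands into the per-interface block rules.
antispoof quick for { $ext_if, $prv_if, $dmz_if }
block in quick on $ext_if from <rfcpriv_nets>
block out quick on $ext_if to <rfcpriv_nets>

# Default deny. Forwarded traffic is decided on the interface it enters; the
# state created there is floating by default and covers the egress side, so
# the only out rule needed is for the firewall's own traffic.
block all
pass out

# LAN may initiate anything, including to the DMZ.
pass in on $prv_if from $prv_if:network

# DMZ may reach the Internet (DNS, updates, outbound mail) but never the LAN.
# The block sits on the DMZ interface itself instead of relying on set skip.
block in quick on $dmz_if from $dmz_if:network to $prv_if:network
pass in on $dmz_if from $dmz_if:network

# Published services: rdr-to on the pass rule replaces the old rdr + pass pair.
# The rule matches the packet as it arrives (to the external address) and then
# redirects it to the DMZ host.
pass in on $ext_if proto tcp from !<rfcpriv_nets> to ($ext_if) port $web_ports rdr-to $webserver
pass in on $ext_if proto tcp from !<rfcpriv_nets> to ($ext_if) port $mail_ports rdr-to $mailserver
```

Parse it without loading using `pfctl -nf /etc/pf.conf`, load with `pfctl -f /etc/pf.conf`, and confirm the result with `pfctl -s rules` (which shows what `antispoof` expanded to) and `pfctl -s states` while a LAN host browses the web server: the state should be created on vr0 and nothing should appear for a connection attempted from the DMZ towards the LAN.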
_______________________________________________
bsd-india mailing list
[email protected]
http://www.bsd-india.org/mailman/listinfo/bsd-india