I appreciated that. But what about if both prv_if (LAN private interface) and dmz_if (DMZ interface) are not on the same network segment? This is what I meant:

prv_if = 192.168.1.0/24
dmz_if = 192.168.2.0/24

Sorry if I am asking for too much. I am just a newbie who is trying to learn. Thanks in advance anyway. Remain blessed.

--- On Tue, 11/17/09, Siju George <[email protected]> wrote:

From: Siju George <[email protected]>
Subject: Re: [BSD-INDIA] dmz zone
To: "BSD users in India" <[email protected]>
Date: Tuesday, November 17, 2009, 3:45 AM

On Mon, Nov 16, 2009 at 11:24 PM, M E <[email protected]> wrote:
>
> hello guys,
> Is there anyone that cares to share an OpenBSD pf configuration with me?
> I am trying to set up a network which will include a demilitarized zone.
> Here is my network scenario:
>
> ext_if -- external interface, connects the firewall to the outside world
> prv_if -- LAN private interface
> dmz_if -- DMZ interface
>

writing one for you :-)

assuming the interfaces are vr0, vr1 and vr2

prv_if="vr0"
dmz_if="vr1"
ext_if="vr2"
rfcpriv_nets="{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
webserver="192.168.1.10"
mailserver="192.168.1.11"

set skip on { lo0, $dmz_if }

nat on $ext_if from $prv_if:network to any -> ($ext_if)
nat on $ext_if from $dmz_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from !$rfcpriv_nets to any port { 80, 443 } -> $webserver port { 80, 443 }
rdr on $ext_if proto tcp from !$rfcpriv_nets to any port { 25, 110 } -> $mailserver port { 25, 110 }

block in quick on $ext_if from $rfcpriv_nets to any
block out quick on $ext_if from any to $rfcpriv_nets
block in quick on $prv_if from $dmz_if:network to any
block all

pass in on $prv_if from $prv_if:network to any
pass out on $prv_if from $prv_if to any
pass in on $ext_if proto tcp from any to any port { 25, 80, 110, 443 }
pass out on $ext_if from any to any flags S/SA modulate state

_______________________________________________
bsd-india mailing list
[email protected]
http://www.bsd-india.org/mailman/listinfo/bsd-india
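Added example, not from either poster: the same three-legged layout with the LAN and the DMZ on separate subnets, as asked about above. Interface names, host addresses and the pre-4.7 nat/rdr syntax (kept to match the quoted ruleset) are assumptions.

```pf
# Added example, not from the thread: a three-legged firewall with the
# LAN and the DMZ on separate subnets. Interface names, addresses and
# server hosts are assumptions; nat/rdr syntax is pre-OpenBSD 4.7, to
# match the quoted ruleset.
ext_if="vr2"
prv_if="vr0"
dmz_if="vr1"
prv_net="192.168.1.0/24"
dmz_net="192.168.2.0/24"
webserver="192.168.2.10"
mailserver="192.168.2.11"
# A table rather than a macro list: "from !{ a, b }" expands into one
# rule per entry and ends up matching nearly everything; "!<rfcpriv>"
# negates the whole set.
table <rfcpriv> const { 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0

# Translation: both inside networks are masqueraded; published services
# are redirected into the DMZ only.
nat on $ext_if from { $prv_net, $dmz_net } to any -> ($ext_if)
rdr on $ext_if proto tcp from !<rfcpriv> to any port { 80, 443 } -> $webserver
rdr on $ext_if proto tcp from !<rfcpriv> to any port { 25, 110 } -> $mailserver

# Default deny, plus anti-spoofing.
block all
antispoof quick for { lo0, $prv_if, $dmz_if }
block in quick on $ext_if from <rfcpriv> to any
block out quick on $ext_if from any to <rfcpriv>

# LAN: may reach the DMZ and the Internet; replies match the state entry.
pass in on $prv_if from $prv_net to any keep state
pass out on $dmz_if from $prv_net to $dmz_net keep state

# DMZ: this leg is filtered (not in "set skip"), so a DMZ host cannot open
# connections into the LAN. Inbound from the Internet is limited to the
# published ports (destination already rewritten by rdr), outbound to what the servers need.
block in quick on $dmz_if from $dmz_net to $prv_net
pass in on $ext_if proto tcp from any to $webserver port { 80, 443 } flags S/SA synproxy state
pass in on $ext_if proto tcp from any to $mailserver port { 25, 110 } flags S/SA synproxy state
pass out on $dmz_if proto tcp from any to { $webserver, $mailserver } keep state
pass in on $dmz_if proto tcp from $mailserver to any port 25 keep state
pass in on $dmz_if proto { tcp, udp } from $dmz_net to any port 53 keep state

# Outbound on the external leg is filtered after NAT, so the source is the
# firewall's own address; which inside hosts get this far is decided by
# the "pass in" rules on $prv_if and $dmz_if above.
pass out on $ext_if from ($ext_if) to any modulate state
```

Load it with pfctl -nf to syntax-check before pfctl -f, and watch pflog on $dmz_if for blocked DMZ-to-LAN attempts.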
