Below is the pf configuration and the error I got.

pf
==
prv_if="fxp0"
dmz_if="rl1"
ext_if="rl0"

rfcpriv_nets="{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"

webserver="192.168.1.32"
#mailserver="192.168.2.125"

set skip on { lo0, $dmz_if }

nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if)
nat on $ext_if from $dmz_if:network to any -> ($ext_if)

rdr on $ext_if from !$rfcpriv_nets to any port { 80, 443 } -> \
192.168.2.125 port { 80, 443 }
#rdr on $ext_if from !$rfcpriv_nets to any port { 25, 110 } -> \
#192.168.2.125 port { 25, 110 }

block in quick on $ext_if from $rfcpriv_nets to any
block out quick on $ext_if from any to $rfcpriv_nets

block in quick on $prv_if from $dmz_if:network to any

block all

pass in on $prv_if from $prv_if:network to any
pass out on $prv_if from  $prv_if to any

pass in on $ext_if from any port { 25, 80, 110, 443 } to any
pass out on $ext_if from any to any flags S/SA modulate state


error
====
pf.conf.dmz1:15: syntax error
pf.conf.dmz1:30: port only applies to tcp/udp
pf.conf.dmz1:30: skipping rule due to errors
pf.conf.dmz1:30: port only applies to tcp/udp
pf.conf.dmz1:30: skipping rule due to errors
pf.conf.dmz1:30: port only applies to tcp/udp
pf.conf.dmz1:30: skipping rule due to errors
pf.conf.dmz1:30: port only applies to tcp/udp
pf.conf.dmz1:30: skipping rule due to errors
pf.conf.dmz1:30: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded

Can anyone help me in fixing the error?
Thanks
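Editor's note on the two rules pfctl rejects, with a corrected form added here as an example; it is not taken from the thread and is not the poster's file. Counting the posted file from its first line, line 15 is the rdr rule and line 30 is the "pass in on $ext_if" rule. The macro values below are the poster's; that `$webserver` should be the 192.168.2.125 DMZ host is an assumption (the posted file defines webserver as 192.168.1.32 but redirects to 192.168.2.125), as is the reading that the pass rule is meant to match destination ports rather than source ports.

```pf
# Added example: corrected form of the two rules that fail to load.
# Macros as in the posted file; the remaining rules are unchanged.
prv_if="fxp0"
dmz_if="rl1"
ext_if="rl0"
rfcpriv_nets="{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
webserver="192.168.2.125"   # assumption: the DMZ host the posted rdr points at

# pf.conf.dmz1:15 "syntax error": the redirect target after "->" takes a
# single port or a range, not a list. The rule also needs "proto tcp", since
# ports only exist for tcp/udp. With no target port, pf keeps the original
# destination port, so 80 -> 80 and 443 -> 443 as the poster intended.
rdr on $ext_if proto tcp from !$rfcpriv_nets to any port { 80, 443 } -> $webserver

# pf.conf.dmz1:30 "port only applies to tcp/udp": the pass rule names ports
# without a protocol, so each of the four port expansions is skipped and the
# rule "expands to no valid combination". Note also that the posted rule says
# "from any port { ... }", which matches the SOURCE port: any remote host could
# satisfy it simply by sending from port 80. Assumption: the intent is to admit
# connections TO the published services, i.e. a destination-port match.
pass in on $ext_if proto tcp from any to any port { 25, 80, 110, 443 } \
    flags S/SA keep state
```

Check the file with `pfctl -nf pf.conf.dmz1` before loading it; `-n` parses the ruleset and reports line-numbered errors without changing the running rules, which is how the posted error output was produced.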


--- On Wed, 11/18/09, Siju George <[email protected]> wrote:

From: Siju George <[email protected]>
Subject: Re: [BSD-INDIA] dmz zone
To: "BSD users in India" <[email protected]>
Date: Wednesday, November 18, 2009, 7:09 AM

On Tue, Nov 17, 2009 at 3:15 PM, M E <[email protected]> wrote:
>
> I appreciated that. But what about if the both prv_if -- LAN private interface
> > dmz_if -- DMZ interface are not on the same network segment. This is what I 
> > meant,
> prv_if = 192.168.1.0/24
> dmz_if  = 192.168.2.0/24
>

try 192.1168.1.0/24 instead of $prv_if:network

> sorry if I am asking for too much. I am just newbie that is trying to learn.
> Thanks in advanced anyway.
>

Don't worry about asking :-)
I learned the stuff the same way.

--Siju
_______________________________________________
bsd-india mailing list
[email protected]
http://www.bsd-india.org/mailman/listinfo/bsd-india
