On Fri, Dec 08, 2006 at 08:39:29AM -0600, Isaac Grover wrote:
> ext_if="xl2"
> ext_net=$ext_if:network
> wireless_if="xl1"
> wireless_if_addr="192.168.100.1"
> wireless_net=$wireless_if:network
> my_laptop="192.168.100.X"
Is that censored or really an X?
> table <other_clients> { $wireless_net, !$my_laptop }
No point in excluding your laptop because all your rules are permits.
> nat on $ext_if from <other_clients> to any port $tcp_services -> ($ext_if)
> nat on $ext_if from $my_laptop to any -> ($ext_if)
>
> rdr on $wireless_if inet proto tcp from $wireless_net to any port 80
> -> $wireless_if_addr port 3080
Try putting the "pass" keyword on these, it fixes things if you forget the
nat/rdr occurs before the filter rules.
> pass out on $ext_if inet proto tcp from $wireless_net to any port 3080
> keep state
> pass out on $ext_if inet proto tcp from <other_clients> to any port
> $tcp_services keep state
> pass out on $ext_if inet proto tcp from $my_laptop to any keep state
> pass out on $ext_if inet proto udp from $wireless_net to any port
> $udp_services keep state
> pass inet proto icmp from any to any
Feed your rules into pf and see what pfctl -s all says they expand to.
Redirect it to a file or use "screen" then "screen -r".
--
"Cryptography is nothing more than a mathematical framework for
discussing various paranoid delusions." -- Don Alvarez
<URL:http://www.subspacefield.org/~travis/> -><-
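The quoted ruleset rewritten with the "pass" keyword on the nat/rdr rules, as an added example that is not part of the original thread or the poster's configuration. The laptop address is a placeholder, and the $tcp_services / $udp_services macros are assumed, since the quoted post does not show their definitions.

```pf
# Added example (not the poster's ruleset): the quoted nat/rdr rules with the
# "pass" keyword the reply suggests. Translation rules are evaluated before the
# filter rules, so "pass" here lets translated packets through without needing
# a matching filter rule later in the file.
ext_if="xl2"
ext_net=$ext_if:network
wireless_if="xl1"
wireless_if_addr="192.168.100.1"
wireless_net=$wireless_if:network
my_laptop="192.168.100.50"          # placeholder, substitute the real address
tcp_services="{ 22, 80, 443 }"      # assumed; not shown in the quoted post
udp_services="{ 53 }"               # assumed; not shown in the quoted post

table <other_clients> { $wireless_net, !$my_laptop }

nat pass on $ext_if from <other_clients> to any port $tcp_services -> ($ext_if)
nat pass on $ext_if from $my_laptop to any -> ($ext_if)

# Transparent redirect of wireless HTTP to the local proxy port; the backslash
# continues the rule on the next line.
rdr pass on $wireless_if inet proto tcp from $wireless_net to any port 80 \
    -> $wireless_if_addr port 3080

pass out on $ext_if inet proto tcp from <other_clients> to any port $tcp_services keep state
pass out on $ext_if inet proto tcp from $my_laptop to any keep state
pass out on $ext_if inet proto udp from $wireless_net to any port $udp_services keep state
pass inet proto icmp from any to any
```

To check how pf expands the macros, table and port lists before loading anything, run `pfctl -nvf /etc/pf.conf` (parse only, verbose); after loading, `pfctl -s nat` and `pfctl -s rules` show the translation and filter rules separately, which is easier to read than the full `pfctl -s all` output. As the reply notes, with no block rule in the file every packet is passed anyway, so excluding the laptop from <other_clients> only matters once a default block rule is added.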
