Hi, I changed PF's default rule in the kernel (pf_ioctl.h), and then I restarted my server. After that, the server started successfully, and then the internal network (behind the NAT) couldn't access the external network.
Rules:

    pass in log quick all
    pass out log quick all

NAT rule is:

    nat pass on em0 inet all -> 192.168.1.1

I changed the filtering and NAT rules like these, but it's not working. Then I added a log line for the default rule in pf_ioctl.h:

    pf_default_rule.log = PF_LOG;

And then I see the blocking logs on pflog0 with the same rule set:

    2007-11-16 15:03:19.291742 rule 4294967295/0(match): block out on em0: .... ICMP ... 192.168.1.1 > 192.168.1.36: ICMP echo request

So I removed the pass option in the NAT rule and it suddenly started working.

From the man page of pf.conf:

    Packets that match a translation rule are only automatically passed if
    the /pass/ modifier is given, otherwise they are still subject to
    /block/ and /pass/ rules.

But I think it's not working as described above. NAT's pass option depends on PF's default rule in the kernel. Is there anything I missed or got wrong?

Thanks.

N. Ersen SISECI
http://www.enderunix.org
EnderUNIX SDT @ Turkey
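The diagnostic step described in the post (logging the default rule and looking for it on pflog0) can be automated. This is an added example, not part of the original message: it parses tcpdump-style pflog lines and counts blocks attributed to the default rule, which appears as rule 4294967295 (the unsigned form of -1) in the quoted log line. The sample lines are constructed, and the interface em1 and the address 10.0.0.5 are assumptions.

```python
import re
from collections import Counter

# The default rule is numbered -1; printed as an unsigned 32-bit value it is
# 4294967295, the rule number seen in the log line quoted in the post.
DEFAULT_RULE_NR = 0xFFFFFFFF

# Matches the "rule N/R(reason): action dir on ifname:" part of a pflog line.
# An optional ".anchor.subrule" suffix after the rule number is tolerated.
PFLOG_RE = re.compile(
    r"rule (?P<nr>\d+)(?:\.\S+)?/\d+\((?P<reason>[^)]*)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>[^:\s]+):"
)


def parse_pflog_line(line):
    """Return a dict describing the matched rule, or None if the line is not pflog output."""
    m = PFLOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["nr"] = int(rec["nr"])
    rec["default_rule"] = rec["nr"] == DEFAULT_RULE_NR
    return rec


def default_rule_blocks(lines):
    """Count packets blocked by the default rule, keyed by (direction, interface)."""
    hits = Counter()
    for line in lines:
        rec = parse_pflog_line(line)
        if rec and rec["default_rule"] and rec["action"] == "block":
            hits[(rec["dir"], rec["ifname"])] += 1
    return hits


# Constructed sample input modelled on the log line in the post.
SAMPLE = [
    "2007-11-16 15:03:19.291742 rule 4294967295/0(match): block out on em0: 192.168.1.1 > 192.168.1.36: ICMP echo request, id 1, seq 1, length 64",
    "2007-11-16 15:03:20.100000 rule 0/0(match): pass in on em1: 10.0.0.5 > 192.168.1.36: ICMP echo request, id 1, seq 2, length 64",
    "2007-11-16 15:03:20.292000 rule 4294967295/0(match): block out on em0: 192.168.1.1 > 192.168.1.36: ICMP echo request, id 1, seq 2, length 64",
    "not a pflog line",
]

if __name__ == "__main__":
    for (direction, ifname), count in default_rule_blocks(SAMPLE).items():
        print(f"default rule blocked {count} packet(s) {direction} on {ifname}")
```

A non-zero count for the default rule means the packet was not decided by any rule in the loaded ruleset, which is the situation the post describes.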
