On 6/9/06, Erik Norgaard <[EMAIL PROTECTED]> wrote:
Pat Maddox wrote:
> 188.8.131.52 runs a server on port 1234
> 184.108.40.206 should connect to this
> Both of them have PF rulesets that block off most traffic, keeping
> open the publically available ports I need open. In this case though,
> any traffic over this port should only be between these two machines.
> I've tried to set this up, but I keep getting operation not permitted,
> connection refused, and connection reset by peer errors. Thanks for
> any info.
It's quite difficult to tell which rule catches your packets without the
ruleset. Try this:
1) Add "log" to all block rules
2) Check you have keep state in pass rules
3) Check you have quick in your pass rules
If you have a default block policy, then you should generally have quick
in pass rules or you might have packets marked for passing being caught
later by a block rule.
I generally prefer having the default policy at top without quick, and
then set quick on rules taking an explicit action.
Okay, I got it working. On the client, the rule is
pass out quick on $EXT_IF inet proto tcp from $EXT_IF to $SERVER port
7721 keep state
and on the server, it's just the opposite
pass in quick on $EXT_IF inet proto tcp from $CLIENT to $EXT_IF port
7721 keep state
The only difference between that rule and the one I had earlier
includes a "flags S/SA" directive on each. Of course now I just tried
adding the flags and it works...I'm guessing because the state was
If I add "flags S/SA" is there any reason that'd cause problems. It
seems to work fine right now, but didn't earlier - though perhaps I
had a typo or something.
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"