On 25 September 2013 16:40, Adelin Balou < [email protected]> wrote:
> Dear Sir/Madame,
>
> I am a student in pending Master's degree in Network and Security at
> University of Valenciennes (France), I am currently encountering problems
> while setting up a Firewall with Packet Filter on OpenBSD 5.3.
>
> I wall a PC with 3 network interfaces ( xl0 : connected to WAN , xl1 :
> connected to WLAN , xl2 : connected to LAN ). I need that this PC works
> like a firewall. I have installed OpenBSD and setting up rules in
> /etc/pf.conf (please to find attached to this mail my pf.conf file it is
> commented in French, if any questions just let me know).
>
> The problem is : The Firewall has Internet and hosts on WLAN and LAN can't
> connect to internet.
> I don't know if my NAT and Filtering rules are not matching.

Add the 'log' keyword to the rules you want to verify and run tcpdump on
the pflog0 interface. When you're done, don't forget to remove the log
keyword, or you might end up filling your disk with logs.

Another way to see if it matches is to look at the counters for each rule
when running pfctl -vvsr

> My /etc/resolv.conf has an ADSL internet Box address and DNS is
> working correctly. My xl0 interface has got IP from DHCP server from the
> ADSL Internet Box so no need to create a file /etc/mygate to specify the
> ADSL Internet Box default gateway. The command route show shows me my
> default gateway.
>
> I have contacted http://www.evolix.fr/ one of the OpenBSD support link
> http://www.openbsd.org/support.html in Marseille (France) they have read
> the file but they can't find the problem. I will be grateful if you could
> help me.
>
> Please find attached my pf.conf file.
>
> I am looking forward to reading from you as soon as possible.
>
> Kind regards,
>
> --
> Adelin Balou
> Second-year Master's student in Security and Networks.
> Institut des Sciences et Techniques de Valenciennes
> Université de Valenciennes et du Hainaut-Cambrésis
> Telephone : +33 3 27 27 07 22
> Mobile : +33 6 17 46 10 72
>
> [demime 1.01d removed an attachment of type application/octet-stream which
> had a name of pf.conf]
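
Added example, not part of the original thread: the counter check suggested in the reply (pfctl -vvsr), written as a shell function that lists the rules whose packet counter is still zero. The sample output, its addresses and counters, and the function names are constructed for illustration; only the interface names xl0 and xl2 come from the post.

```shell
#!/bin/sh
# Read `pfctl -vvsr` output on stdin and report rules that matched no packets.
# "never evaluated": an earlier rule (e.g. one with 'quick') ended evaluation first.
# "evaluated, no match": the rule was reached but its criteria never matched.
pf_unmatched_rules() {
    awk '
        /^@[0-9]+ / { rule = $0; next }      # "@N <rule text>" starts a rule
        /Evaluations:/ {                     # first counter line of that rule
            for (i = 1; i <= NF; i++) {
                if ($i == "Evaluations:") evals = $(i + 1)
                if ($i == "Packets:")     pkts  = $(i + 1)
            }
            if (pkts == 0) {
                why = (evals == 0) ? "never evaluated" : "evaluated, no match"
                print why ": " rule
            }
        }
    '
}

# Constructed sample in the layout pfctl -vvsr prints (not the poster's ruleset).
sample_pfctl_output() {
    cat <<'EOF'
@0 match out on xl0 inet from 192.168.1.0/24 to any nat-to (xl0) round-robin
  [ Evaluations: 480       Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 2731 State Creations: 0     ]
@1 pass quick on xl0 all flags S/SA
  [ Evaluations: 480       Packets: 268       Bytes: 31204       States: 14    ]
  [ Inserted: uid 0 pid 2731 State Creations: 14    ]
@2 block drop log quick on xl2 all
  [ Evaluations: 212       Packets: 212       Bytes: 15264       States: 0     ]
  [ Inserted: uid 0 pid 2731 State Creations: 0     ]
@3 pass in on xl2 inet from 192.168.1.0/24 to any flags S/SA
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 2731 State Creations: 0     ]
EOF
}

# On the firewall itself (as root):  pfctl -vvsr | pf_unmatched_rules
# Offline demonstration with the constructed sample:
sample_pfctl_output | pf_unmatched_rules
```

In the constructed sample the NAT rule is reached but never matches, and the LAN pass rule is never evaluated because the quick block on xl2 ends evaluation before it.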

