Dear teams,
I'm using OpenBSD 4.1 for my gateway.
I've set my pf.conf for my clients (there are 40 DMZ clients).
[DMZ]-----------[Gateway]-----------[router]
like this:
# interfaces: bge0 faces the router, bge1 faces the DMZ; $dalem is the DMZ network
ext="bge0"
int="bge1"
dalem="203.190.245.0/24"
set optimization aggressive
# state and fragment tables raised well above the 4.1 defaults
set limit { frags 100000, states 150000 }
table <agra> { 218.100.4.0/24, \
203.190.245.0/24, \
203.190.247.3/32, \
202.152.224.0/24, \
202.152.162.221, \
202.152.162.230, \
202.3.208.1, \
203.190.240.134, \
202.149.66.137 }
prot="{ 80 443 53 25 110 }"
protq="{ 80 443 53 25 110 22 }"
scrub in all
# no ICMP echo replies from the DMZ to hosts outside the <agra> table
block in log quick on $int proto icmp from $dalem to !<agra> icmp-type 0 code 0
# traceroute UDP probes
pass in quick on $int proto udp from $dalem to any port 33433 >< 33626
pass in quick on $ext proto udp from $dalem to any port 33433 >< 33626
pass proto icmp all
block return in log quick on $ext proto tcp from ! <agra> to $dalem port ssh
block return out log quick on $ext proto tcp from $dalem to 127.0.0.1
#pass in on $ext all
# bge0 is $ext
pass in quick on bge0
pass out quick on $int proto { tcp udp } from any to $dalem port $prot
pass in quick on $int proto { tcp udp } from $dalem to any port $protq
pass out on $ext all
block return out log on $int inet from ! <agra> to $dalem
block return in log on $int inet proto tcp from $dalem to ! <agra> port ssh
I have tested this gateway with 1 client and everything was all right; all rules
worked well.
But the situation turned worse when I used it in real conditions, with 40 servers with
high traffic connected to the gateway.
Problems occurred: from the gateway to the DMZ there was a lot of packet loss when I
tried to ping.
And some hours later, everything was down. No packets passed at all,
even when I changed to "pass in all" / "pass out all".
Those are my problems;
your reply will help me.
Thank you.
Dika_
.indonesian
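Added example, not part of the original post and not OpenBSD's own tooling: a small sh script that reads saved `pfctl -si` and `pfctl -sm` output and reports state-table utilisation plus the pf drop counters that climb when a gateway runs short of state slots or kernel memory. Those are the first things to check when a ruleset that was fine with one client starts losing packets with forty and eventually passes nothing, because a full state table makes pf refuse every new connection regardless of the rules. The embedded pfctl output is constructed to resemble OpenBSD 4.x formatting; the exact column layout, the temporary file names and the 90% warning threshold are assumptions.

```shell
#!/bin/sh
# pf_state_check.sh -- added example, not part of the original post.
# Reads saved `pfctl -si` and `pfctl -sm` output and reports what a loaded
# OpenBSD pf gateway most often runs out of: state-table slots and kernel
# memory for state and fragment entries.  On the gateway itself:
#   pfctl -si > /tmp/pf.si; pfctl -sm > /tmp/pf.sm; sh pf_state_check.sh /tmp/pf.si /tmp/pf.sm
# The embedded samples are CONSTRUCTED to resemble OpenBSD 4.x output; the
# column layout is an assumption, so adjust the awk patterns if yours differs.

# Print "<current> <limit> <percent>" for the state table; fail if unparsable.
pf_state_usage() {              # $1 = pfctl -si file, $2 = pfctl -sm file
    cur=$(awk '/^ *current entries/ { print $3 }' "$1")
    lim=$(awk '$1 == "states" { print $NF }' "$2")
    [ -n "$cur" ] && [ -n "$lim" ] && [ "$lim" -gt 0 ] || return 1
    echo "$cur $lim $(( cur * 100 / lim ))"
}

# Print the total of one pfctl -si drop counter (state-limit, memory, fragment, ...).
pf_counter() {                  # $1 = pfctl -si file, $2 = counter name
    awk -v n="$2" '$1 == n { print $2; exit }' "$1"
}

# Report findings; return 0 if healthy, 1 if something is wrong, 2 if unparsable.
pf_diagnose() {                 # $1 = pfctl -si file, $2 = pfctl -sm file
    si=$1; sm=$2; rc=0
    usage=$(pf_state_usage "$si" "$sm") || { echo "cannot parse pfctl output"; return 2; }
    pct=${usage##* }
    echo "state table (current limit percent): $usage"
    if [ "$pct" -ge 90 ]; then
        echo "WARN: state table ${pct}% full; at 100% pf drops every new connection"
        rc=1
    fi
    # state-limit: pf refused a new state because `set limit states` was hit.
    # memory: the kernel pool could not supply a state or fragment entry, which
    # can happen before the configured limit is reached.  fragment: a packet was
    # dropped during reassembly by scrub.  All three are packets that never passed.
    for c in state-limit memory fragment; do
        v=$(pf_counter "$si" "$c")
        if [ "${v:-0}" -gt 0 ]; then
            echo "WARN: $c counter = $v"
            rc=1
        fi
    done
    return $rc
}

# ---- constructed sample output (not captured from the poster's gateway) ----
SAMPLE_SM=$(mktemp); LOADED_SI=$(mktemp); LIGHT_SI=$(mktemp)
trap 'rm -f "$SAMPLE_SM" "$LOADED_SI" "$LIGHT_SI"' EXIT

cat > "$SAMPLE_SM" <<'EOF'
states        hard limit   150000
src-nodes     hard limit    10000
frags         hard limit   100000
EOF

# Shape of a gateway that has been losing packets for hours: table nearly full.
cat > "$LOADED_SI" <<'EOF'
Status: Enabled for 0 days 06:12:03           Debug: Urgent

State Table                          Total             Rate
  current entries                   149998
  searches                       988213441         44712.3/s
  inserts                          5510233           249.4/s
  removals                         5360235           242.6/s
Counters
  match                            5522100           249.9/s
  bad-offset                             0             0.0/s
  fragment                             318             0.0/s
  short                                  0             0.0/s
  normalize                              0             0.0/s
  memory                             12345             0.6/s
  state-mismatch                       123             0.0/s
  state-insert                           0             0.0/s
  state-limit                         4567             0.2/s
EOF

# The same gateway under light load: plenty of headroom, no drops.
cat > "$LIGHT_SI" <<'EOF'
Status: Enabled for 0 days 00:30:00           Debug: Urgent

State Table                          Total             Rate
  current entries                    18000
  searches                         4000000          2222.2/s
Counters
  match                              91000            50.5/s
  fragment                               0             0.0/s
  memory                                 0             0.0/s
  state-limit                            0             0.0/s
EOF

if [ $# -eq 2 ]; then
    pf_diagnose "$1" "$2"                       # real files from the gateway
else
    echo "== loaded sample =="; pf_diagnose "$LOADED_SI" "$SAMPLE_SM" || true
    echo "== light-load sample =="; pf_diagnose "$LIGHT_SI" "$SAMPLE_SM" || true
fi
```

Run it with the two saved files as arguments on the gateway; with no arguments it walks the two constructed samples. Pair it with `netstat -i` for interface input/output errors on bge0 and bge1 and `pfctl -vsr` for per-rule packet counters, which show whether packets are still reaching the rules at all once traffic stops.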