the bsd box is definitely online. quick ping to google gives 0 packet loss.

On Oct 5, 2007, at 12:47 PM, James Mackinnon wrote:

with pf enabled and using a pass out keep state

from the BSD box, make sure it can hit the internet. this will remove it as being an interface issue to start.

The NAT setup and the rules, based on the testing rules, should allow this to work at this point. If it is not, go back to square 1 and test without PF from the bsd box to make sure it is connecting to the internet properly to begin.

Make sure the clients have gateways, make sure the bsd box has a gateway and all masks are correct.

Try doing traceroutes and working your way up

James
----- Original Message -----
From: "a.padilla" <[EMAIL PROTECTED]>
To: "Joe Gibbens" <[EMAIL PROTECTED]>
Cc: <misc@openbsd.org>
Sent: Friday, October 05, 2007 1:10 PM
Subject: Re: pf


I commented everything out except the nat rule and
"pass out keep state"

still nothing.

On Oct 5, 2007, at 11:04 AM, Joe Gibbens wrote:

I commented out "block in" for testing purposes. still, no success.
If you know what's wrong, please don't just answer.  I want to
understand the solution.


Start with nat routing, and then move to filtering.
Keep your nat rule, get rid of the filter rules you have now, and put in a
default pass rule.

pass quick all.

Are you able to move traffic through the box now? If yes, comment out the default pass and start writing down what kinds of traffic you want to allow.






--
Joe
