On Thu, Mar 12, 2009 at 8:11 PM, Marcel Dan <[email protected]> wrote:
> without looking at your rules, did you set the net.inet.ip.forwarding=1 in
> /etc/sysctl.conf as mentioned in the top of the pf.conf file you posted.
I did, but I double checked and sure enough it is set correctly.
> Also, consider installing pftop so you can observe pf.
Cool, I did not know about the tool. It is now installed, but I don't
know how to interpret the results. It looks like the results make it
in, but not out or something, I am not sure:
tcp In  <my home>:62331 172.16.2.10:443 CLOSED:SYN_SENT
tcp Out <my home>:62331 172.16.2.10:443 SYN_SENT:CLOSED
As for the rules, I am 99% sure that the firewall is 100% open, but
I still cannot connect. Here is the complete pf.conf file:
ext_if="dc0"
int_if="xl0"
tcp_services="{22, 113}"
icmp_types="echoreq"
ccdemo_ext = "74.219.229.214"
ccdemo_int = "172.16.2.10"
scrub in all
# bidirectional 1:1 mapping between the internal demo host and its public address
binat on $ext_if from $ccdemo_int to any -> $ccdemo_ext
#block in
pass out keep state
antispoof quick for { lo $int_if }
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
# inbound connections to the demo host (matched after binat has translated the destination)
pass in on $ext_if proto tcp from any to $ccdemo_int
pass in quick on $int_if
pass in quick on $ext_if
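A small checker, added here and not part of the thread, that reads pftop-style state lines like the pair quoted above (with the state on the same line, as pftop prints it), pairs each flow's In and Out states, and reports how far the SYN got. The sample rows are constructed, with 192.0.2.50 standing in for "<my home>".

```python
import re
from collections import defaultdict

# Constructed sample in pftop's column order: PROTO DIR SRC DST STATE.
# The first two rows mirror the pair from the message; the rest are
# constructed for contrast (one In-only half-open flow, one established).
SAMPLE = """\
tcp In  192.0.2.50:62331   172.16.2.10:443 CLOSED:SYN_SENT
tcp Out 192.0.2.50:62331   172.16.2.10:443 SYN_SENT:CLOSED
tcp In  198.51.100.7:40112 172.16.2.10:22  CLOSED:SYN_SENT
tcp In  203.0.113.9:51000  172.16.2.10:443 ESTABLISHED:ESTABLISHED
tcp Out 203.0.113.9:51000  172.16.2.10:443 ESTABLISHED:ESTABLISHED
"""

ROW = re.compile(r"^(\S+)\s+(In|Out)\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+):([A-Z_0-9]+)$")


def parse(text):
    """Return (proto, dir, src, dst, src_state, dst_state) for each state line."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groups())
    return rows


def diagnose(rows):
    """Pair each flow's In and Out states and say how far the SYN got."""
    flows = defaultdict(dict)
    for proto, direction, src, dst, s1, s2 in rows:
        flows[(proto, src, dst)][direction] = {s1, s2}
    verdicts = {}
    for flow, dirs in flows.items():
        states = dirs.get("In") or dirs.get("Out")
        half_open = states == {"CLOSED", "SYN_SENT"}
        if "ESTABLISHED" in states:
            verdicts[flow] = "handshake completed"
        elif half_open and "In" in dirs and "Out" in dirs:
            # Both states exist: the SYN was passed in on the outside interface and
            # passed out on the inside one, so rules and forwarding did their part;
            # the internal host's SYN-ACK never came back through this firewall.
            verdicts[flow] = "SYN forwarded, no SYN-ACK from internal host"
        elif half_open and "In" in dirs:
            # Inbound state only: the SYN was accepted but no out state was created,
            # so it was dropped before leaving (not forwarded, or blocked on the way out).
            verdicts[flow] = "SYN accepted inbound, never passed out"
        else:
            verdicts[flow] = "other: " + ",".join(sorted(states))
    return verdicts


if __name__ == "__main__":
    for flow, verdict in diagnose(parse(SAMPLE)).items():
        print("%s %s -> %s: %s" % (flow[0], flow[1], flow[2], verdict))
```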