Jean-François SIMON wrote:
Hello James,
If no output to parse means no errors, and verbose mode just repeats all the
lines of the pf.conf, then yes, it parses.
pflog0 keeps silent, nothing in here while trying to connect from the subnet
to the internet.
2009/5/10 James Records <james.reco...@gmail.com>
Does your pf.conf parse? Try pfctl -nf /etc/pf.conf; if it's not parsing it
will not load and behave as you describe. Also tcpdump on the pflog interface
as well to give yourself another data point.
J
Sent from my iPhone
On May 9, 2009, at 3:05 PM, Jean-François SIMON <jfsimon1...@gmail.com>
wrote:
Sorry for forgetting the rest, here you are:
ext_if is actually working, configured to an ADSL box using DHCP, and lynx
actually displays pages.
int_if is the local network that I want to go through the OpenBSD box to
access the internet, so I can filter with pf.
The configuration is a standard nat rule + packet forwarding between the two
interfaces, called em0 and em1, resp. ext_if and int_if.
As indicated before, I have pf enabled, inet forward lines uncommented in
sysctl.conf.
Packets are received on int_if but not forwarded to ext_if.
Did I miss something? Here below is pf.conf:
2009/5/9 Robert <rob...@openbsd.pap.st>
On Sat, 9 May 2009 22:52:32 +0200
Jean-François SIMON <jfsimon1...@gmail.com> wrote:
# cat /etc/pf.conf
# $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $
#
# See pf.conf(5) for syntax and examples; this sample ruleset uses
# require-order to permit mixing of NAT/RDR and filter rules.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
ext_if="em0"
int_if="em1"
set loginterface $ext_if
set require-order no
set skip on lo
scrub in all
# NAT/filter rules and anchors for ftp-proxy(8)
#nat-anchor "ftp-proxy/*"
#rdr-anchor "ftp-proxy/*"
nat on $ext_if from ($int_if:network) -> ($ext_if)
#rdr pass on ! egress proto tcp to port ftp -> 127.0.0.1 port 8021
#anchor "ftp-proxy/*"
#pass out proto tcp from $proxy to any port ftp
# NAT/filter rules and anchors for relayd(8)
#rdr-anchor "relayd/*"
#anchor "relayd/*"
# NAT rules and anchors for spamd(8)
#table <spamd-white> persist
#table <nospamd> persist file "/etc/mail/nospamd"
#no rdr on egress proto tcp from <nospamd> to any port smtp
#no rdr on egress proto tcp from <spamd-white> to any port smtp
#rdr pass on egress proto tcp from any to any port smtp -> 127.0.0.1 port spamd
#block in
pass in
pass out
#pass in on $int_if proto tcp to any port 80
#block in quick from urpf-failed to any # use with care
# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp from any to any port 6000
# macro reference needs the leading $, otherwise pf reads "ext_if" as a literal interface name
antispoof for $ext_if
Hello,
Please can you help me with this:
I just installed OpenBSD 4.5, set up the inet forwarding for
unicast and multicast, included the standard NAT rule in pf.conf such
as: nat on $ext_if from ($int_if:network) -> ($ext_if),
enabled pf,
and checked with pfctl -s nat that the correct rule is set.
That does not work; with tcpdump I see that packets are not
forwarded: I see them on int_if but not on ext_if.
Can you give me some help to find out where the problem is?
Thanks.
Because you don't have a pass rule, they get blocked?
Guessing only goes so far.
Tell us what you want to do.
Tell us what you tried to get it working.
Tell us what is in your relevant configs.
Perhaps then someone can tell you what to do.
- Robert
Do you have sysctl net.inet.ip.forwarding=1? As described on top of pf.conf?
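The replies in this thread boil down to three checks on the OpenBSD box: is net.inet.ip.forwarding set to 1, does the ruleset parse and load (pfctl -nf, then pfctl -s nat), and are the nat and pass rules actually active rather than commented out. The POSIX shell helper below is an added example, not something posted in the thread and not OpenBSD's own tooling. Its check functions take text or a file path so they can be exercised offline; live_checks assumes an OpenBSD host with sysctl(8) and pfctl(8) and skips itself when those are absent. It also flags one slip that pfctl will not report: a macro name used without its leading $ (for instance antispoof for ext_if with ext_if="em0" defined above it), which pf does not expand as a macro, so the rule refers to an interface literally named ext_if instead of em0.

```shell
#!/bin/sh
# Added helper, not part of the thread: offline-testable versions of the
# checks the replies ask for (forwarding sysctl, nat/pass rules present,
# macros used with their '$').  live_checks assumes OpenBSD's sysctl(8)
# and pfctl(8) and is skipped when they are missing.

# forwarding_enabled LINE
# LINE is what `sysctl net.inet.ip.forwarding` prints on OpenBSD, e.g.
# "net.inet.ip.forwarding=1".  Returns 0 only if IPv4 forwarding is on.
forwarding_enabled() {
    case "$1" in
        net.inet.ip.forwarding=1) return 0 ;;
        *)                        return 1 ;;
    esac
}

# strip_comments FILE: FILE without comment-only lines.
strip_comments() {
    grep -v '^[[:space:]]*#' "$1"
}

# has_rule FILE KEYWORD: 0 if some active rule line starts with KEYWORD
# (nat, pass, block, ...).  Commented-out rules such as "#block in" do not count.
has_rule() {
    strip_comments "$1" | grep -Eq "^[[:space:]]*$2([[:space:]]|\$)"
}

# bare_macro_refs FILE: print active lines that use a macro name defined in
# FILE (name="value") without the leading '$'.  pf does not expand a bare
# word as a macro: "antispoof for ext_if" means an interface literally named
# ext_if, not em0.  Returns 0 if any such line was found, else 1.
bare_macro_refs() {
    conf="$1"
    found=1
    for name in $(sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' "$conf"); do
        # drop comments and the definition itself, erase correct $name uses,
        # then look for the name still standing alone as a word
        strip_comments "$conf" \
            | grep -v "^$name[[:space:]]*=" \
            | sed "s/[\$]$name//g" \
            | grep -E "(^|[^A-Za-z0-9_])$name([^A-Za-z0-9_]|\$)" \
            && found=0
    done
    return $found
}

# offline_report FILE: summarise the static checks on a copy of pf.conf.
offline_report() {
    conf="$1"
    for kw in nat pass; do
        if has_rule "$conf" "$kw"; then
            echo "$kw rule: present"
        else
            echo "$kw rule: MISSING"
        fi
    done
    if bare_macro_refs "$conf"; then
        echo "^ macro name(s) used without '\$' on the lines above"
    fi
}

# live_checks [FILE]: the commands to run on the OpenBSD router itself.
live_checks() {
    conf="${1:-/etc/pf.conf}"
    if ! command -v sysctl >/dev/null 2>&1 || ! command -v pfctl >/dev/null 2>&1; then
        echo "sysctl/pfctl not found; skipping live checks"
        return 0
    fi
    if forwarding_enabled "$(sysctl net.inet.ip.forwarding)"; then
        echo "net.inet.ip.forwarding=1: ok"
    else
        echo "net.inet.ip.forwarding is not 1: packets arrive on int_if but are never forwarded"
    fi
    pfctl -nf "$conf" && echo "$conf parses"   # -n: parse only, do not load
    pfctl -s nat                                # the nat rule(s) actually loaded
    # Then watch logged/dropped packets live:  tcpdump -n -e -ttt -i pflog0
}

# Run the static checks (and, on OpenBSD, the live ones) on the given file.
if [ $# -gt 0 ]; then
    offline_report "$1"
    live_checks "$1"
fi
```

Invoke it as `sh pfcheck.sh /etc/pf.conf` on the router; on any other machine only the static checks run, which is enough to catch a missing pass rule or a bare macro name before the file is loaded.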