I do and have booted since. Regards.

2009/5/10 Tony Abernethy <t...@servacorp.com>
> Dorian Büttner wrote:
> > Jean-François SIMON wrote:
> > > Hello James,
> > > If no output to parse means no errors, and verbose mode just repeat all the lines of the pf.conf, then yes it parses.
> > >
> > > pflog0 keeps silent, nothing in here while trying to connect from the subnet to the internet.
> > >
> > > 2009/5/10 James Records <james.reco...@gmail.com>
> > >
> > >> Does your pf.conf parse? Try pfctl -nf /etc/pf.conf; if it's not parsing it will not load and behave as you describe. Also tcpdump on the pflog interface as well to give yourself another data point.
> > >>
> > >> J
> > >>
> > >> Sent from my iPhone
> > >>
> > >> On May 9, 2009, at 3:05 PM, Jean-François SIMON <jfsimon1...@gmail.com> wrote:
> > >>
> > >> Sorry for forgetting the rest, here you are:
> > >>
> > >>> ext_if is actually working, configured to an adsl box using DHCP and actually lynx displays pages.
> > >>>
> > >>> int_if is the local network that I want to go through openbsd box to access to internet so I can filter with pf.
> > >>>
> > >>> The configuration is a standard nat rule + packet forwarding between the two interfaces so called em0 and em1 resp ext_if and int_if.
> > >>>
> > >>> As indicated before, I have pf enabled, inet forward lines uncommented in sysctl.conf
> > >>>
> > >>> Packets are received on int_if but not forwarded to ext_if.
> > >>>
> > >>> Did I miss something? Here below pf.conf
> > >>>
> > >>> 2009/5/9 Robert <rob...@openbsd.pap.st>
> > >>>
> > >>> On Sat, 9 May 2009 22:52:32 +0200
> > >>>
> > >>>> Jean-François SIMON <jfsimon1...@gmail.com> wrote:
> > >>>> # cat /etc/pf.conf
> > >>>> # $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $
> > >>>> #
> > >>>> # See pf.conf(5) for syntax and examples; this sample ruleset uses
> > >>>> # require-order to permit mixing of NAT/RDR and filter rules.
> > >>>> # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
> > >>>> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
> > >>>>
> > >>>> ext_if="em0"
> > >>>> int_if="em1"
> > >>>>
> > >>>> set loginterface $ext_if
> > >>>> set require-order no
> > >>>> set skip on lo
> > >>>> scrub in all
> > >>>>
> > >>>> # NAT/filter rules and anchors for ftp-proxy(8)
> > >>>> #nat-anchor "ftp-proxy/*"
> > >>>> #rdr-anchor "ftp-proxy/*"
> > >>>> nat on $ext_if from ($int_if:network) -> ($ext_if)
> > >>>> #rdr pass on ! egress proto tcp to port ftp -> 127.0.0.1 port 8021
> > >>>> #anchor "ftp-proxy/*"
> > >>>> #pass out proto tcp from $proxy to any port ftp
> > >>>>
> > >>>> # NAT/filter rules and anchors for relayd(8)
> > >>>> #rdr-anchor "relayd/*"
> > >>>> #anchor "relayd/*"
> > >>>>
> > >>>> # NAT rules and anchors for spamd(8)
> > >>>> #table <spamd-white> persist
> > >>>> #table <nospamd> persist file "/etc/mail/nospamd"
> > >>>> #no rdr on egress proto tcp from <nospamd> to any port smtp
> > >>>> #no rdr on egress proto tcp from <spamd-white> to any port smtp
> > >>>> #rdr pass on egress proto tcp from any to any port smtp -> 127.0.0.1 port spamd
> > >>>>
> > >>>> #block in
> > >>>> pass in
> > >>>> pass out
> > >>>>
> > >>>> #pass in on $int_if proto tcp to any port 80
> > >>>>
> > >>>> #block in quick from urpf-failed to any # use with care
> > >>>>
> > >>>> # By default, do not permit remote connections to X11
> > >>>> block in on ! lo0 proto tcp from any to any port 6000
> > >>>>
> > >>>> antispoof for ext_if
> > >>>>
> > >>>> Hello,
> > >>>>
> > >>>>> Please can you help me with this:
> > >>>>>
> > >>>>> I just installed the 4.5 OpenBSD, set up the inet forwarding for
> > >>>>> unicast and multicast, include the standard NAT rule in pf.conf such
> > >>>>> as : nat on $ext_if from ($int_if:network) -> ($ext_if)
> > >>>>> enable pf
> > >>>>> check with pfctl -s nat that the correct rule is set.
> > >>>>>
> > >>>>> That does not work, with tcpdump I see that packets are not
> > >>>>> forwarded, I see them on int_if but not on ext_if.
> > >>>>>
> > >>>>> Can you give me some help to find out where the problem is?
> > >>>>>
> > >>>>> Thanks.
> > >>>>>
> > >>>> Because you don't have a pass rule they get blocked?
> > >>>> Guessing only goes so far.
> > >>>>
> > >>>> Tell us what you want to do.
> > >>>> Tell us what you tried to get it working.
> > >>>> Tell us what is in your relevant configs.
> > >>>>
> > >>>> Perhaps then someone can tell you what to do.
> > >>>>
> > >>>> - Robert
> > >>>>
> > Do you have sysctl net.inet.ip.forwarding=1? As described on top of pf.conf?
> >
> Have you booted since?