Re: Newbie Network/PF Question

Thu, 06 Jan 2011 06:30:48 -0800 

While we're piling on ...

I have three interfaces, vr0 is my internet (pppoe), vr1 and vr2 are
my internal networks.
This gives me a good mental picture ...

# packet filtering

block all

# pppoe0:network

pass out on pppoe0 inet from (pppoe0) to any
pass out on pppoe0 inet from vr1:network nat-to (pppoe0)
pass out on pppoe0 inet from vr2:network nat-to (pppoe0)

# vr1:network

pass in on vr1 inet from vr1:network to any
pass out on vr1 inet from vr1 to vr1:network
pass out on vr1 inet from vr2:network to vr1:network

# vr2:network

pass in on vr2 inet from vr2:network to any
pass out on vr2 inet from vr2 to vr2:network
pass out on vr2 inet from vr1:network to vr2:network

... add echo, port rules, etcetera as necessary.
I think that does pretty much what you want - my setup is ziggactly the same.

Best wishes.

Reply via email to