My apologies. I did not know that my email program was set differently. I do
apologize. It was an honest mistake.

If I may repost here, in text format: (I did not repost all, just some of my
rules...just trying to get my box up and running)

Network info:

ISP = cable modem with dynamic IP, DHCP
OpenBSD 3.1 as the Router/Gateway---->running PF and NAT
4 Computers inside internal LAN--->1 Win2k box, 2 Linux and one BSD.
Not running any mail server, email or DNS server on my LAN.
LAN IP range is: 192.168.1.0/24

(I left out my blocks and sort as well as my scrubs...I'm comfortable with
them)

# silently drop broadcasts (cable modem noise)
block in quick on $ext_if from any to 255.255.255.255
block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any
(any other suggestions for additions here?)

# ICMP
pass out on $ext_if inet proto icmp all icmp-type 8 code 0 keep state
pass in on $ext_if inet proto icmp all icmp-type 8 code 0 keep state

# UDP
pass out log on $ext_if proto udp all keep state
pass in on $ext_if proto udp from any to $ext_if  keep state
pass in on $ext_if proto udp from any to any keep state

# TCP
pass out on $ext_if proto tcp all modulate state
pass in log on $ext_if proto tcp from any to any port { www, ftp, smtp, } keep state
pass out log on $ext_if proto tcp from any to any port { www, ftp, ssh, smtp,  pop3, 110, 143, 147 } keep state
pass in log on $ext_if proto tcp from any to $ext_if
pass in log on $ext_if proto tcp from any to $ext_if keep state

Basically, I just want to allow my internal LAN desktops access to the
internet and the basic services: ftp, http, https, nntp, pop, smtp. Also,
I'd like to allow actions like nslookup, dig, whois etc.

Thanks everyone. I appreciate your input and help. If you have suggestions
or recommendations, please feel free to post them.

Jason
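
As an added example (not part of Jason's post and not a pf tool), the Python sketch below audits the inbound rules quoted above against the stated goal of outbound-only access for a LAN that runs no servers: it flags every `pass in` TCP/UDP rule that accepts traffic from any source, and any such TCP rule that carries no state keyword. The function name and finding labels are hypothetical; the rule strings are copied from the post with wrapped lines rejoined.

```python
import re

# Rules copied from the post above (wrapped lines rejoined); nothing else is assumed.
POSTED_RULES = """\
block in quick on $ext_if from any to 255.255.255.255
pass out on $ext_if inet proto icmp all icmp-type 8 code 0 keep state
pass in on $ext_if inet proto icmp all icmp-type 8 code 0 keep state
pass out log on $ext_if proto udp all keep state
pass in on $ext_if proto udp from any to $ext_if keep state
pass in on $ext_if proto udp from any to any keep state
pass out on $ext_if proto tcp all modulate state
pass in log on $ext_if proto tcp from any to any port { www, ftp, smtp, } keep state
pass in log on $ext_if proto tcp from any to $ext_if
pass in log on $ext_if proto tcp from any to $ext_if keep state
"""

STATE = re.compile(r"\b(keep|modulate)\s+state\b")


def audit_inbound(rules_text):
    """Return (line_no, finding) pairs for `pass in` TCP/UDP rules open to any source."""
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        rule = line.split("#", 1)[0].strip()  # drop trailing comments
        proto = re.search(r"\bproto\s+(tcp|udp)\b", rule)
        if not rule.startswith("pass in ") or not proto:
            continue  # outbound, block and ICMP rules are out of scope here
        if not re.search(r"\bfrom\s+any\b|\ball\b", rule):
            continue  # source is restricted, so the rule is not flagged
        if re.search(r"\bport\s+(\{[^}]*\}|\S+)", rule):
            findings.append((n, "ports-exposed"))   # listed services reachable from anywhere
        else:
            findings.append((n, "all-ports-open"))  # no port restriction at all
        if proto.group(1) == "tcp" and not STATE.search(rule):
            findings.append((n, "stateless"))       # no keep/modulate state on the rule
    return findings


if __name__ == "__main__":
    lines = POSTED_RULES.splitlines()
    for n, finding in audit_inbound(POSTED_RULES):
        print(f"rule {n}: {finding:15} {lines[n - 1]}")
```

pf applies the last matching rule unless `quick` is set, so the unrestricted inbound TCP rules that follow the port-limited one are the ones that decide what is let in.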

