Did you enable PF in /etc/rc.conf? (pf=YES) If so, have you rebooted or run "pfctl -e" since then? Sometimes I get my head in too far and I forget to do the basics.
One thing that helps me is to start simple, then slowly add, then test most features. Some of my favorite commands for troubleshooting PF are:

    tcpdump -n -e -ttt -i pflog0

Then I reference that with my rule numbers by using:

    pfctl -vvsr

For the two above to be effective, you should use the log keyword with your rules. Then you can see if your rules are being skipped or hit as desired.

This may seem strange, but are the packets hitting your $IntIF? (tcpdump) I had this happen on an OpenBSD laptop of mine the other day. The laptop switches IP networks all the time and I was being pretty sloppy. Somehow it wasn't sending packets to the gateway. There was some old stuff in my routing table, I think. I just did a "route flush" then "sh /etc/netstart" and then it seemed to work fine.

Good luck,
-Russ

On Sun, 21 Mar 2004, simon --- wrote:
>
> Hi
>
> I have been struggling with this for a while. I am trying to build a pf firewall that
> acts as a NAT.
>
> It has two ports whose characteristics are
>
> 1. Outside internet port $ExtIF = "ne"
>
> Gets handed its ip address by dhcp server at
> 192.168.3.1. This all works because you can surf the
> internet from this machine.
>
> 2. Inside network port $IntIF ="fxpo"
>
> This port has a dhcp server running on it.
> Machines on this port can receive their connection
> details via dhcp. This all works: machines connected to
> this port via a network cable can ping the gateway
> address which is 192.168.2.1 and make a connection to
> the firewall.
>
> The problem is packets don't seem to route across the firewall.
>
> Please can someone read my pf.conf and see if there are any mistakes in it and provide me
> with some advice.
>
> I have also included a dump from doing sysctl -a
>
> Thank you for your help and assistance.
>
> Best wishes
>
> Simon Batchelor
>
> email [EMAIL PROTECTED]
> <cut>
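
Added example, not part of the original message or thread: a small Python script that joins the rule numbers in `tcpdump -n -e -ttt -i pflog0` output with the `@N` rule listing from `pfctl -vvsr`, so each loaded rule shows up as hit, never hit, or not logged. The sample outputs, the interface names (fxp0, ne3), the addresses and the exact log line layout are constructed assumptions; adjust the regular expressions to what your system prints.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output (assumed layout).
PFLOG_SAMPLE = """\
00:00:00.000000 rule 2/0(match): pass in on fxp0: 192.168.2.10.51234 > 198.51.100.7.80: S
00:00:00.000310 rule 1/0(match): block in on fxp0: 192.168.2.11.40000 > 198.51.100.7.25: S
00:00:01.204118 rule 2/0(match): pass in on fxp0: 192.168.2.10.51235 > 198.51.100.7.443: S
"""

# Constructed sample of `pfctl -vvsr` output (assumed layout, counters abbreviated).
RULES_SAMPLE = """\
@0 scrub in all fragment reassemble
@1 block drop log all
  [ Evaluations: 9  Packets: 1  Bytes: 60  States: 0 ]
@2 pass in log on fxp0 inet from 192.168.2.0/24 to any keep state
  [ Evaluations: 9  Packets: 2  Bytes: 120  States: 2 ]
@3 pass out log on ne3 inet from any to any keep state
"""

# "rule N/..." prefix that tcpdump prints for each pflog entry, and "@N rule text".
LOG_LINE = re.compile(r"rule (\d+)[./]\S*\s+(pass|block)\s+(in|out)\s+on\s+([^\s:]+)")
RULE_LINE = re.compile(r"^@(\d+)\s+(.*)$")

def parse_rules(text):
    """Map rule number -> rule text from `pfctl -vvsr` output."""
    found = (RULE_LINE.match(line) for line in text.splitlines())
    return {int(m.group(1)): m.group(2).strip() for m in found if m}

def count_hits(text):
    """Count pflog entries per rule number."""
    found = (LOG_LINE.search(line) for line in text.splitlines())
    return Counter(int(m.group(1)) for m in found if m)

def correlate(pflog_text, rules_text):
    """Return (rule number, hits, status, rule text) for every loaded rule."""
    hits = count_hits(pflog_text)
    rows = []
    for num, rule in sorted(parse_rules(rules_text).items()):
        logged = re.search(r"\blog\b", rule) is not None
        status = "hit" if hits[num] else ("never hit" if logged else "not logged")
        rows.append((num, hits[num], status, rule))
    return rows

if __name__ == "__main__":
    for num, n, status, rule in correlate(PFLOG_SAMPLE, RULES_SAMPLE):
        print(f"@{num:<3} {n:>4}  {status:<10}  {rule}")
```

In the constructed sample, traffic is logged on the inside interface while the logged outbound rule never appears in pflog0, which is the kind of gap the two commands are meant to expose.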
