Hi all,
I've just started learning to use PF rules on OpenBSD..
Now I have some problem..
How do I write a rule to allow a private network to access an external website..??..
Maybe it sounds like a stupid question.. But I have tried for a while and it
doesn't work..
My PF rule is..
##################################################################
## INHOUSE
inh_if = "em1"
inh_if_addr = "192.168.1.2/32"
inh_addr = "192.168.1.0/24"
## STAGING
stg_if = "em2"
stg_if_addr = "192.168.202.55/32"
stg_addr = "192.168.202.0/24"
############## RULES ##############
pass in quick on $inh_if proto tcp \
from $inh_addr to $stg_addr port 80 keep state
##################################################################
I try to access a website from Inhouse to Staging.
After trying for a while, I couldn't get the correct result. I checked
the log and found this error message.
##################################################################
Apr 01 00:12:51.240881 rule 0/(match) block in on em2:
192.168.202.71.80 > 192.168.1.81.1072: S 940788554:940788554(0) ack
100234888 win 17520 <mss 1460,nop,nop,sackOK> (DF)
Apr 01 00:12:51.548440 rule 0/(match) block in on em2:
192.168.202.71.80 > 192.168.1.81.1072: . ack 1 win 17520 (DF)
Apr 01 00:12:57.256379 rule 0/(match) block in on em2:
192.168.202.71.80 > 192.168.1.81.1072: S 940788554:940788554(0) ack
100234888 win 17520 <mss 1460,nop,nop,sackOK> (DF)
Apr 01 00:12:58.110846 rule 0/(match) block in on em2:
192.168.202.71.80 > 192.168.1.81.1072: . ack 1 win 17520 (DF)
##################################################################
So, the firewall blocks the packet out from em2.
Do I need to open a rule to enable the packet out from em2?
If yes, do I have to open at least 2 lines (one in, one out) for one task?
Thanks in advance..
Thitiporn
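A stateful version of the ruleset in the post, as an added example that is not the poster's file: the interface names and networks are taken from the post, while the default-deny `block log all` rule, `set skip on lo` and the pflog/pfctl checks in the comments are assumptions about the rest of the ruleset.

```pf
# /etc/pf.conf (added example; macros and networks from the post)
inh_if   = "em1"
stg_if   = "em2"
inh_addr = "192.168.1.0/24"
stg_addr = "192.168.202.0/24"

# Options must precede rules in pf.conf. Leave loopback unfiltered.
set skip on lo

# Assumed default deny, logged to pflog0 so blocked packets can be read
# with: tcpdump -n -e -ttt -i pflog0
# A rule like this is what shows up as "rule 0/(match) block" in the log.
block log all

# One stateful rule covers the whole HTTP session. "keep state" (implicit
# on OpenBSD 4.1 and later) creates a state entry when the client's SYN
# arrives on em1. Because PF states are floating (not bound to an
# interface unless "set state-policy if-bound" is set), the same SYN
# leaving on em2 and every reply arriving on em2 (e.g. the SYN/ACK from
# 192.168.202.71.80 that the post shows being blocked) match this state
# and pass. No second "pass out"/"pass in" rule for em2 is needed for
# traffic that originates behind em1.
pass in quick on $inh_if proto tcp \
    from $inh_addr to $stg_addr port 80 keep state

# Checks: "pfctl -nf /etc/pf.conf" parses the file without loading it
# (it would reject the "keep stat" typo and the unterminated quote in
# the original macro); "pfctl -ss" lists the state entries created by
# the rule above while a browser session is open.
```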