[EMAIL PROTECTED]([EMAIL PROTECTED])@2008.11.14 11:16:17 +0100:
>
> I have been fighting with this problem too, I think it's not so
> well documented for n00bs in the online documentation - I suggest
> a good book would help you a lot more ...
>
No luck. In my case, looking at the tcpdump output the firewall sends
"host $ext_if not reachable" to the peer. Why does it do that instead of
passing the packet to the internal machine? Here's my file:
# interface macros
ext_if="dc0"
int_if="fxp0"
wlan_if="ral0"
set skip on lo
scrub in
# priority queueing on the external link
altq on $ext_if priq bandwidth 700Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)
# forward ports 5000-5009 arriving on the external interface to the internal host
rdr pass on $ext_if proto {tcp,udp} from any to any port 5000:5009 -> \
    192.168.0.4 port 5000:5009
# NAT for the wired and wireless LANs
nat pass on $ext_if inet from $int_if:network to any -> ($ext_if)
nat pass on $ext_if inet from $wlan_if:network to any -> ($ext_if)
#pass in on $ext_if proto {tcp,udp} from any to any port 5000
# default deny, then allow the two LANs
block all
pass in on $int_if from 192.168.0.0/24 to any
pass out on $int_if from 192.168.0.0/24 to any
pass in on $wlan_if from 192.168.1.0/24 to any
pass out on $wlan_if from 192.168.1.0/24 to any
antispoof quick for {lo, $int_if}
pass in on $ext_if proto icmp to any queue (q_def, q_pri)
pass out on $ext_if proto {udp, icmp} to any queue (q_def, q_pri)
# ssh with brute-force protection via an overload table
table <bruteforce> persist
block quick from <bruteforce>
pass inet proto tcp from any to $ext_if port 22 \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 5/3, \
    overload <bruteforce> flush global)
pass out on $ext_if proto {tcp, udp} from $ext_if to any flags S/SA \
    keep state queue (q_def, q_pri)
pass in on $ext_if proto udp to ($ext_if) port 53 queue (q_def, q_pri)
# drop portmapper, IPP and syslog probes from outside
block in quick on $ext_if proto {tcp,udp} to port 111
block in quick on $ext_if proto {tcp,udp} to port 631
block in quick on $ext_if proto tcp to port 514
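To see how pf's rule ordering plays out for the ruleset above, here is an added toy model (not from the thread, not pf's own code) that walks a subset of those filter rules the way pf does: last match wins, a matching `quick` rule ends the walk, and `rdr pass` passes matching packets without consulting the filter rules. It matches only on direction, interface, protocol and destination port; addresses, tables, state and altq are deliberately not modelled.

```python
# Toy model of how pf reaches a verdict for the posted ruleset: rules are walked top to bottom and
# the LAST match wins unless a matching rule is `quick`; `rdr pass` / `nat pass` act as quick passes.
import re
from itertools import takewhile

MACROS = {"ext_if": "dc0", "int_if": "fxp0", "wlan_if": "ral0"}  # macros from the post
RULES = """
rdr pass on $ext_if proto {tcp,udp} from any to any port 5000:5009 -> 192.168.0.4 port 5000:5009
block all
pass in on $int_if from 192.168.0.0/24 to any
pass out on $ext_if proto {tcp, udp} from $ext_if to any flags S/SA keep state queue (q_def, q_pri)
pass in on $ext_if proto udp to ($ext_if) port 53 queue (q_def, q_pri)
block in quick on $ext_if proto {tcp,udp} to port 111
"""  # constructed subset of the posted filter rules, continuation lines joined

def parse_rule(line):
    """Keep only what this model matches on: action, quick, direction, iface, proto, dst port."""
    line = re.sub(r"\$(\w+)", lambda m: MACROS[m.group(1)], line)  # expand $macros
    toks = re.sub(r"[{},]", " ", line).split()                      # flatten { a, b } lists
    r = dict(action=toks[0], quick="quick" in toks, dir=None, iface=None, protos=None, ports=None)
    if toks[0] in ("rdr", "nat"):  # translation rules filter only when they carry `pass`
        if "pass" not in toks:
            return None
        r.update(action="pass", quick=True, dir="in" if toks[0] == "rdr" else "out")
    for i, t in enumerate(toks):
        if t in ("in", "out") and r["dir"] is None:
            r["dir"] = t
        elif t == "on":
            r["iface"] = toks[i + 1]
        elif t == "proto":
            r["protos"] = set(takewhile(lambda p: p in ("tcp", "udp", "icmp"), toks[i + 1:]))
        elif t == "port" and r["ports"] is None:  # first `port` is the match criterion
            lo, _, hi = toks[i + 1].partition(":")
            r["ports"] = (int(lo), int(hi or lo))
    return r

def load_rules(text=RULES):
    return [r for r in map(parse_rule, text.strip().splitlines()) if r]

def decide(rules, direction, iface, proto, port):
    verdict = "pass"  # pf's default when no rule matches at all
    for r in rules:
        if (r["dir"] and r["dir"] != direction) or (r["iface"] and r["iface"] != iface):
            continue
        if (r["protos"] and proto not in r["protos"]) or (r["ports"] and not r["ports"][0] <= port <= r["ports"][1]):
            continue
        verdict = r["action"]  # last match wins ...
        if r["quick"]:         # ... unless it is quick
            break
    return verdict
```

With this model an inbound TCP packet to dc0 port 5005 is passed by the `rdr pass` rule before `block all` is ever considered, while port 25 is left at `block all` and port 111 is stopped by the quick block.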