Hello all,
I recently stood up an OpenBSD server to replace an older ASA. I read the
faq and was interested in the packet tagging aspect because I have a DMZ and
it makes the rule set seem more readable to my brain.
In any case I have the following taken from the PF faqs on the OpenBSD
Hi, try this sample
_int = re0
_ext = fxp1
int_net = 192.168.200.0/24
set block-policy drop
set skip on lo
match in all scrub (no-df max-mss 1440)
match out on $_ext inet from $int_net to any nat-to (egress)
block log all
pass in on $_int inet proto udp from $int_net to any port domain
pass in on
Hi, thanks for replying
I was looking to use packet tagging though.
-Original Message-
From: Wesley M. [mailto:open...@e-solutions.re]
Sent: Thursday, November 03, 2011 6:20 AM
To: Bentley, Dain
Cc: misc@openbsd.org
Subject: Re: Packet Tagging issues with NAT in pf OBSD 4.9
On 2011-11-03, Bentley, Dain dbent...@nas.edu wrote:
Hello all,
I recently stood up an OpenBSD server to replace an older ASA. I read the
faq and was interested in the packet tagging aspect because I have a DMZ and
it makes the rule set seem more readable to my brain.
In any case I have
you aren't using tagging in your sample.
On 2011-11-03, Wesley M. open...@e-solutions.re wrote:
Hi, try this sample
_int = re0
_ext = fxp1
int_net = 192.168.200.0/24
set block-policy drop
set skip on lo
match in all scrub (no-df max-mss 1440)
match out on $_ext inet from $int_net to any
with NAT in pf OBSD 4.9
you aren't using tagging in your sample.
On 2011-11-03, Wesley M. open...@e-solutions.re wrote:
Hi, try this sample
_int = re0
_ext = fxp1
int_net = 192.168.200.0/24
set block-policy drop
set skip on lo
match in all scrub (no-df max-mss 1440)
match out on $_ext inet
, November 03, 2011 6:53 AM
To: misc@openbsd.org
Subject: Re: Packet Tagging issues with NAT in pf OBSD 4.9
you aren't using tagging in your sample.
On 2011-11-03, Wesley M. open...@e-solutions.re wrote:
Hi, try this sample
_int = re0
_ext = fxp1
int_net = 192.168.200.0/24
set block
: Re: Packet Tagging issues with NAT in pf OBSD 4.9
On Thu, Nov 3, 2011 at 12:26 PM, Bentley, Dain
dbent...@nas.edu wrote:
Hello Stuart and thanks for your reply.
It still doesn't help, this seems to work but I'm not sure if this is a good
config:
# NAT RULES
match out
On Thu, Nov 3, 2011 at 1:33 PM, Bentley, Dain dbent...@nas.edu wrote:
Hello Axton...cool name by the way.
I noticed the match statements work for me as well. Perhaps it is
required?
This changed with 4.7: http://openbsd.org/faq/upgrade47.html#newPFnat
More details available here:
http://www.openbsd.org/faq/pf/tagging.html
From: Axton [axton.gr...@gmail.com]
Sent: Thursday, November 03, 2011 2:51 PM
To: Bentley, Dain
Cc: Stuart Henderson; misc@openbsd.org
Subject: Re: Packet Tagging issues with NAT in pf OBSD 4.9
On Thu, Nov 3, 2011 at 1