Hello Jason,
Thank you for assisting me in getting this together.
I do understand that translation happens before filtering (at least
I think I do), what I don't understand is why the filtering is done with
pass in if traffic is actually going from within the int_if2 network
to the outside? Where is
On Tue, Jul 28, 2009 at 06:10:26PM -0500, Andres Salazar wrote:
Hello Jason,
Thank you for assisting me in getting this together.
I do understand that translation happens before filtering (at least
I think I do), what I don't understand is why the filtering is done with
pass in if traffic is
Andres,
I think the best way to understand it is to draw it out, let's say you have 2
interfaces em0 and em1,
Think of this (rough example of a really simple router setup):
Traffic em1 em0 internet
Like this:
Traffic (heading into em1) em1 (heading out of em1) (heading into em0)
em0
On Sat, Jul 25, 2009 at 9:23 PM, Jason Dixon ja...@dixongroup.net wrote:
On Sat, Jul 25, 2009 at 09:41:45PM -0500, Andres Salazar wrote:
Hello OpenBSD-misc,
I have a newbie question in pf that I've been trying to debug on what would
be wrong with my ruleset. I am trying to have the users that
On Sun, Jul 26, 2009 at 12:58:08AM -0500, Andres Salazar wrote:
I apologize that my ruleset isn't very clear. I am trying to put together a
ruleset that will allow the following access:
Outbound port 80 (web) 53 (domain) from users at $int_if via $ext_if
Outbound port 80 (web) 53 (domain)
I apologize that my ruleset isn't very clear. I am trying to put together a
ruleset that will allow the following access:
Outbound port 80 (web) 53 (domain) from users at $int_if via $ext_if
Outbound port 80 (web) 53 (domain) 443 (ssl) 22 (ssh) from $int_if2
via $ext_if
Thank you for the help.
Thank you for the help, I believe that I already tried something similar and
could not access the internet behind $int_if, or $int_if2. Traffic is
getting blocked by block all as per the following pflog1:
Jul 26 05:11:51.250502 rule 0/(match) block out on re1: 192.168.1.2.55533
190.40.3.10.53:
On Sun, Jul 26, 2009 at 12:14:53PM -0500, Andres Salazar wrote:
Thank you for the help, I believe that I already tried something similar and
could not access the internet behind $int_if, or $int_if2. Traffic is
getting blocked by block all as per the following pflog1:
Jul 26 05:11:51.250502
Hello Jason,
I understood the purpose of allowing internet access for the firewall
itself. However this is exactly where I am still stuck.
By doing this after our default block all:
pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any \
port { 53 80 22 443 }
I am actually
Hello Patrick,
I also tried your approach, but at the end it behaves the same.
Without the pass out I don't have internet in any of the two
interfaces, with it then I just have totally opened ports on both of
the interfaces. The restrictive port rules are being ignored.
Any help is much
On Sun, Jul 26, 2009 at 01:16:02PM -0500, Andres Salazar wrote:
Hello Jason,
I understood the purpose of allowing internet access for the firewall
itself. However this is exactly where I am still stuck.
By doing this after our default block all:
pass out on $ext_if inet proto { tcp udp }
On Sun, Jul 26, 2009 at 4:02 PM, Andres Salazar ndrsslz...@gmail.com wrote:
Hello Patrick,
I also tried your approach, but at the end it behaves the same.
Without the pass out I don't have internet in any of the two
interfaces, with it then I just have totally opened ports on both of
the
On Sat, Jul 25, 2009 at 09:41:45PM -0500, Andres Salazar wrote:
Hello OpenBSD-misc,
I have a newbie question in pf that I've been trying to debug on what would
be wrong with my ruleset. I am trying to have the users that are on $int_if
only have ports 80 52 opened out, and users on $int_if be