Hi everyone
I've got a simple router set up at home, replacing an old US Robotics
8000. I set up NAT translation with pf. I have the following rules:
-- begin /etc/pf.conf --
red_if=ne3
green_if=fxp0
dmz_host=192.168.0.102
dmz_ports={1024:65535}
local_public_services={, 8080}
set skip on lo
# NAT
nat on $red_if from $green_if:network to any -> ($red_if)
# Local public services
rdr on $red_if proto tcp from any to any port $local_public_services -> 127.0.0.1
# DMZ Host
rdr on $red_if proto tcp from any to any port $dmz_ports -> $dmz_host
-- end /etc/pf.conf --
green_if is the interface to my local network, red_if is the interface
to the internet. The ne3 is configured as DHCP. The DMZ host is meant
for my computer, because I run a lot of software that requires a lot of
open ports, so I always set it up as a DMZ host (like I did with the
US Robotics router). The local_public_services is for two servers running
on the router itself, prohibiting it being forwarded to the dmz_host.
Now there is one issue remaining: for some reason I cannot surf the
internet, make an FTP connection, etc. from the router itself. When
I try to surf the internet, lynx hangs at making http connection to x. So
how do I fix this? Is there some problem with my network configuration,
or did I configure something wrong in pf.conf?
Thanks!
Best Regards
Glenn Matthys
Some other information that might be useful:
# route -n show
Routing tables

Internet:
Destination        Gateway            Flags  Refs      Use    Mtu  Interface
default            81.164.128.1       UGS       0   915573      -   ne3
81.164.128/20      link#2             UC        0        0      -   ne3
81.164.128.1       00:30:b8:c1:85:20  UHLc      0        0      -   ne3
81.164.133.29      127.0.0.1          UGHS      0        0  33224   lo0
127/8              127.0.0.1          UGRS      0        0  33224   lo0
127.0.0.1          127.0.0.1          UH        0      153  33224   lo0
192.168.0/24       link#1             UC        0        0      -   fxp0
192.168.0.102      00:11:09:cb:62:5c  UHLc      0  1556226      - L fxp0
224/4              127.0.0.1          URS       0        0  33224   lo0

Internet6:
Destination                    Gateway            Flags  Refs  Use    Mtu  Interface
::/104                         ::1                UGRS      0    0      -  lo0
::/96                          ::1                UGRS      0    0      -  lo0
::1                            ::1                UH        0    0  33224  lo0
::127.0.0.0/104                ::1                UGRS      0    0      -  lo0
::224.0.0.0/100                ::1                UGRS      0    0      -  lo0
::255.0.0.0/104                ::1                UGRS      0    0      -  lo0
:::0.0.0.0/96                  ::1                UGRS      0    0      -  lo0
2002::/24                      ::1                UGRS      0    0      -  lo0
2002:7f00::/24                 ::1                UGRS      0    0      -  lo0
2002:e000::/20                 ::1                UGRS      0    0      -  lo0
2002:ff00::/24                 ::1                UGRS      0    0      -  lo0
fe80::/10                      ::1                UGRS      0    0      -  lo0
fe80::%fxp0/64                 link#1             UC        0    0      -  fxp0
fe80::280:5fff:feb7:7a44%fxp0  00:80:5f:b7:7a:44  UHL       0    0      -  lo0
fe80::%ne3/64                  link#2             UC        0    0      -  ne3
fe80::240:caff:fe10:fcb%ne3    00:40:ca:10:0f:cb  UHL       0    0      -  lo0
fe80::%lo0/64                  fe80::1%lo0        U         0    0      -  lo0
fe80::1%lo0                    link#6             UHL       0    0      -  lo0
fec0::/10                      ::1                UGRS      0    0      -  lo0
ff01::/32                      ::1                UC        0    0      -  lo0
ff02::%fxp0/32                 link#1             UC        0    0      -  fxp0
ff02::%ne3/32                  link#2             UC        0    0      -  ne3
ff02::%lo0/32                  ::1                UC        0    0      -  lo0
#
# cat /etc/hostname.fxp0
inet 192.168.0.2 255.255.255.0 NONE
#
# cat /etc/hostname.ne3
dhcp NONE NONE NONE
#
and a dmesg for completeness' sake
# dmesg
OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium/MMX (GenuineIntel
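
A check one might run on a ruleset like the one in the post (an added example, not part of the original message): it lists rdr rules on the external interface that match any destination address and overlap the firewall's own outbound source-port range, since a packet with no matching state entry is evaluated against the rdr rules. The range 1024-49151 (OpenBSD's default portfirst/portlast) and all function names are assumptions.

```python
import re

# Constructed input: the rdr rules and their macros from the post, with "->" written out.
PF_CONF = """\
red_if=ne3
dmz_host=192.168.0.102
dmz_ports={1024:65535}
local_public_services={, 8080}
rdr on $red_if proto tcp from any to any port $local_public_services -> 127.0.0.1
rdr on $red_if proto tcp from any to any port $dmz_ports -> $dmz_host
"""
EPHEMERAL = (1024, 49151)  # assumption: OpenBSD default portfirst..portlast
RDR = re.compile(r"rdr on (\S+) .*?\bto (\S+) port (\{[^}]*\}|\S+)\s*->\s*(\S+)")

def expand_macros(text):
    """Return the rule lines with every $macro substituted."""
    macros, rules = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r'(\w+)\s*=\s*"?(.*?)"?', line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif line:
            rules.append(re.sub(r"\$(\w+)", lambda v: macros.get(v.group(1), v.group(0)), line))
    return rules

def port_ranges(spec):
    """Parse 'N', 'N:M' or '{a, b:c}' into (lo, hi) pairs; empty list items are skipped."""
    pairs = []
    for item in re.split(r"[,\s]+", spec.strip("{} ")):
        if item:
            lo, _, hi = item.partition(":")
            pairs.append((int(lo), int(hi or lo)))
    return pairs

def risky_rdr(text, ext_if, ephemeral=EPHEMERAL):
    """List (target, port_count) for rdr rules on ext_if with destination 'any' that overlap ephemeral."""
    hits = []
    for rule in expand_macros(text):
        m = RDR.match(rule)
        if not m or m.group(1) != ext_if or m.group(2) != "any":
            continue
        count = sum(max(0, min(hi, ephemeral[1]) - max(lo, ephemeral[0]) + 1)
                    for lo, hi in port_ranges(m.group(3)))
        if count:
            hits.append((m.group(4), count))
    return hits

if __name__ == "__main__":
    print(risky_rdr(PF_CONF, "ne3"))
```

A hit only matters when nothing creates state for the firewall's own outbound connections; a stateful `pass out` rule on the external interface makes the replies match state before any rdr rule is consulted.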