Re: super simple pf.conf that doesn't work as expected.

2008-11-27 Thread Daniel Hartmeier
On Wed, Nov 26, 2008 at 12:52:47PM -0600, Patric wrote: > ext_if = "xl2" > int_if = "xl1" > localnet = $int_if:network > nat on $ext_if from $localnet to any -> ($ext_if) > pass from { lo0, $localnet } to any keep state > __ > > this is pretty much the most basic natting p

Re: super simple pf.conf that doesn't work as expected.

2008-11-26 Thread Jason Dixon
On Wed, Nov 26, 2008 at 04:16:30PM -0600, Patric wrote: > On Wed, 2008-11-26 at 14:37 -0500, Jason Dixon wrote: > > On Wed, Nov 26, 2008 at 12:52:47PM -0600, Patric wrote: > > > My current pf.conf > > > > > > __ > > > ext_if = "xl2" > > > int_if = "xl1" > > > localnet = $in

Re: super simple pf.conf that doesn't work as expected.

2008-11-26 Thread Jason Dixon
On Wed, Nov 26, 2008 at 12:52:47PM -0600, Patric wrote: > My current pf.conf > > __ > ext_if = "xl2" > int_if = "xl1" > localnet = $int_if:network > nat on $ext_if from $localnet to any -> ($ext_if) > pass from { lo0, $localnet } to any keep state >

Re: super simple pf.conf that doesn't work as expected.

2008-11-26 Thread Jorge Valbuena
Super Simple File ... but ... Super Basic: pfctl -ef /etc/pf.conf If you reboot the system the rules start ? , and as Gary says pfctl -s ? http://www.openbsd.org/faq/pf/index.html Regards, jv Original-Nachricht > Datum: Wed, 26 Nov 2008 12:04:09 -0800 > Von: Gary <[EMAI

RE: super simple pf.conf that doesn't work as expected.

2008-11-26 Thread Patric
: Wednesday, November 26, 2008 3:04 PM > To: pf@benzedrine.cx > Subject: Re: super simple pf.conf that doesn't work as expected. > > > Have you tried defining $localnet explicitly? Also, what do you see with > 'pfctl -s rules'? > > -Gary > # pfctl -vs ru

Re: super simple pf.conf that doesn't work as expected.

2008-11-26 Thread Patric
On Wed, 2008-11-26 at 14:37 -0500, Jason Dixon wrote: > On Wed, Nov 26, 2008 at 12:52:47PM -0600, Patric wrote: > > My current pf.conf > > > > __ > > ext_if = "xl2" > > int_if = "xl1" > > localnet = $int_if:network > > nat on $ext_if from $localnet to any -> ($ext_if) > > p

Re: super simple pf.conf that doesn't work as expected.

2008-11-26 Thread Patric
On Wed, 2008-11-26 at 12:52 -0600, Patric wrote: > My current pf.conf > > __ > ext_if = "xl2" > int_if = "xl1" > localnet = $int_if:network > nat on $ext_if from $localnet to any -> ($ext_if) > pass from { lo0, $localnet } to any keep state > __ > >

Re: super simple pf.conf that doesn't work as expected.

2008-11-26 Thread Patric
On Wed, 2008-11-26 at 12:04 -0800, Gary wrote: > Have you tried defining $localnet explicitly? Also, what do you see with > 'pfctl -s rules'? > > -Gary > # pfctl -s rules pass inet6 from ::1 to any flags S/SA keep state pass on lo0 inet6 from fe80::1 to any flags S/SA keep state pass inet from 1

RE: super simple pf.conf that doesn't work as expected.

2008-11-26 Thread Morris, Roy
and do you have ip forwarding enabled? (sysctl.conf) net.inet.ip.forwarding=1 pfctl -vs rules -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Gary Sent: Wednesday, November 26, 2008 3:04 PM To: pf@benzedrine.cx Subject: Re: super simple pf.conf that

Re: super simple pf.conf that doesn't work as expected.

2008-11-26 Thread Gary
Have you tried defining $localnet explicitly? Also, what do you see with 'pfctl -s rules'? -Gary

super simple pf.conf that doesn't work as expected.

2008-11-26 Thread Patric
My current pf.conf __ ext_if = "xl2" int_if = "xl1" localnet = $int_if:network nat on $ext_if from $localnet to any -> ($ext_if) pass from { lo0, $localnet } to any keep state __ this is pretty much the most basic natting pf.conf described in "The B