PF Weirdness
Ansar Mohammed
ansarm at gmail.com
Wed May 16 01:51:14 UTC 2007
Hello All,
See the following pf.conf file; weirdness abounds, since I cannot connect
to the internal host "antares" from only some remote networks behind
firewalls. Funny enough I thought it was an MTU issue so I dropped max-mss
all the way down to 700 but still to no avail.
Any ideas?
ext_if="tun0"
int_if="rl0"
internal_net="192.168.2.0/24"
external_addr="10.248.190.95"
internal_addr="192.168.2.1"
#IP Address Assignments
ip121_addr="10.248.188.121"
#Internal Host Assignments
antares="192.168.2.10"
www="192.168.2.3"
mail="192.168.2.13"
scrub in all max-mss 1400
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> 192.168.2.3 port 80
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> 192.168.2.13 port 25
binat on $ext_if from $antares to any -> $ip121_addr
nat on $ext_if from $internal_net to any -> $external_addr
block in log all
pass in on $int_if from $internal_net to any keep state
pass out on $ext_if from $external_addr to any keep state
pass in on $ext_if inet proto tcp from any to $external_addr port 22 keep state
pass in on $ext_if inet proto tcp from any to $www port 80 keep state
pass in on $ext_if inet proto tcp from any to $mail port 25 keep state
pass in on $ext_if inet proto tcp from any to $antares port 22 keep state