packet filter problem on transparent firewall using bridge and pf

ProAce proace at gmail.com
Wed Jun 20 15:57:17 UTC 2012


> 2012/6/20 Erik Osterholm <erik at barragry.com>:
>
>
> Try adding logging to the rules, enable pflog, and see which rule is blocking.
>
> Erik

hmm....
I discovered some things from the log.
Even if the packet hits a rule (pass in quick on bridge0 ....), the
packet is still blocked by the block out rule (block out on bridge0).

So, I changed some configuration.
1. bind the FreeBSD IP (10.1.1.1) on em0
2. change some pf rules (please see below)

pf.conf
   # macros
   my_net = "10.1.1.0/24"
   serv1 = "10.1.1.101"
   client1 = "10.1.6.73"
   # do not filter on loopback or on the bridge interface itself
   # (set skip needs "on"); filtering is done on the members em0/em1
   set skip on lo0
   set skip on bridge0
   # default deny in both directions
   block in all
   block out all
   # my_net to my_net traffic entering on em0 and leaving on em1
   pass in log quick on em0 from $my_net to $my_net
   pass out log quick on em1 from $my_net to $my_net
   # hosts in my_net entering on em1 may reach anything via em0
   pass in log quick on em1 from $my_net to any
   pass out log quick on em0 from $my_net to any
   # client1 (outside my_net) may reach serv1: in on em0, out on em1
   pass in log quick on em0 from $client1 to $serv1
   pass out log quick on em1 from $client1 to $serv1

It works now!   :)
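The behaviour the post describes (a packet let in by a pass rule is still dropped by a block out rule on the way out, and a per-member-interface ruleset that fixes it) as an added example, not part of the original post and not pf's own code: a small Python model of pf's matching order (rules evaluated in order, last match wins, quick stops evaluation, set skip on bypasses an interface, no match means pass) run over the posted ruleset and over a constructed two-rule bridge0 ruleset. Assumptions, not facts from the post: the constructed bridge0 ruleset fills in "from $client1 to $serv1" on the pass rule, the address 10.1.6.50 is a made-up second client, and a bridged packet is modelled as filtered once inbound on its ingress interface and once outbound on its egress interface. State tracking, protocols and ports are left out.

```python
"""Toy model of pf rule evaluation for bridged traffic (added example).

Supports only what the posted pf.conf uses: macros, `set skip on`, in/out,
`on <if>`, `from`/`to` with a host, CIDR or `any`, `all`, `log`, `quick`.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

Net = Optional[ipaddress.IPv4Network]      # None means "any"


@dataclass(frozen=True)
class Rule:
    action: str                # "pass" or "block"
    direction: Optional[str]   # "in", "out" or None for both
    iface: Optional[str]       # None matches every interface
    src: Net
    dst: Net
    quick: bool

    def matches(self, direction, iface, src, dst) -> bool:
        if self.direction is not None and self.direction != direction:
            return False
        if self.iface is not None and self.iface != iface:
            return False
        if self.src is not None and src not in self.src:
            return False
        if self.dst is not None and dst not in self.dst:
            return False
        return True


@dataclass
class Ruleset:
    rules: List[Rule]
    skip: Set[str]             # interfaces named in `set skip on`


def _addr_spec(token: str, macros: dict) -> Net:
    """Expand $macro; 'any' -> None, host or CIDR -> IPv4Network."""
    if token.startswith("$"):
        token = macros[token[1:]]
    if token == "any":
        return None
    return ipaddress.ip_network(token, strict=False)


def _parse_rule(toks: List[str], macros: dict) -> Rule:
    action, direction, iface, src, dst, quick = toks[0], None, None, None, None, False
    if action not in ("pass", "block"):
        raise ValueError(f"unsupported action {action!r}")
    i = 1
    while i < len(toks):
        t = toks[i]
        if t in ("in", "out"):
            direction = t
        elif t == "quick":
            quick = True
        elif t in ("log", "all"):
            pass                           # log: no effect on verdict; all: any->any (default)
        elif t in ("on", "from", "to"):
            i += 1
            if t == "on":
                iface = toks[i]
            elif t == "from":
                src = _addr_spec(toks[i], macros)
            else:
                dst = _addr_spec(toks[i], macros)
        else:
            raise ValueError(f"unsupported token {t!r} in: {' '.join(toks)}")
        i += 1
    return Rule(action, direction, iface, src, dst, quick)


def parse_ruleset(text: str) -> Ruleset:
    macros, skip, rules = {}, set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        toks = line.split()
        if toks[0] not in ("pass", "block", "set") and "=" in line:
            name, _, value = line.partition("=")     # macro definition
            macros[name.strip()] = value.strip().strip('"')
        elif toks[:3] == ["set", "skip", "on"]:
            skip.update(toks[3:])
        else:
            rules.append(_parse_rule(toks, macros))
    return Ruleset(rules, skip)


def evaluate(rs: Ruleset, direction: str, iface: str, src: str, dst: str) -> Tuple[str, Optional[int]]:
    """One pf pass for one packet on one interface: (verdict, deciding rule index)."""
    if iface in rs.skip:
        return "pass", None                # set skip on: not filtered at all
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    verdict: Tuple[str, Optional[int]] = ("pass", None)   # pf default when nothing matches
    for idx, rule in enumerate(rs.rules):
        if rule.matches(direction, iface, s, d):
            verdict = (rule.action, idx)   # last match wins ...
            if rule.quick:
                break                      # ... unless the match is quick
    return verdict


def forward(rs: Ruleset, src: str, dst: str, in_if: str, out_if: str):
    """Assumption: a bridged packet is filtered in on ingress and out on egress."""
    for direction, iface in (("in", in_if), ("out", out_if)):
        action, idx = evaluate(rs, direction, iface, src, dst)
        if action == "block":
            return ("block", direction, idx)
    return ("pass", None, None)


# Constructed: the two rules the post quotes, with from/to filled in (assumption).
BRIDGE_ONLY = parse_ruleset("""
client1 = "10.1.6.73"
serv1 = "10.1.1.101"
block out on bridge0
pass in quick on bridge0 from $client1 to $serv1
""")

# The ruleset the post ends with (bridge0 skipped, members filtered).
MEMBER_FILTERED = parse_ruleset("""
my_net = "10.1.1.0/24"
serv1 = "10.1.1.101"
client1 = "10.1.6.73"
set skip on lo0
set skip on bridge0
block in all
block out all
pass in log quick on em0 from $my_net to $my_net
pass out log quick on em1 from $my_net to $my_net
pass in log quick on em1 from $my_net to any
pass out log quick on em0 from $my_net to any
pass in log quick on em0 from $client1 to $serv1
pass out log quick on em1 from $client1 to $serv1
""")

if __name__ == "__main__":
    print("bridge0 only :", forward(BRIDGE_ONLY, "10.1.6.73", "10.1.1.101", "bridge0", "bridge0"))
    print("client1->serv1:", forward(MEMBER_FILTERED, "10.1.6.73", "10.1.1.101", "em0", "em1"))
    print("other->serv1 :", forward(MEMBER_FILTERED, "10.1.6.50", "10.1.1.101", "em0", "em1"))
```

With the bridge0-only rules the packet passes the inbound check and is then dropped on the outbound check by "block out on bridge0", which is the symptom in the log; with the member-interface rules client1 reaches serv1, the made-up 10.1.6.50 is stopped by "block in all" on em0, and nothing is filtered on bridge0 itself because it is skipped.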


More information about the freebsd-questions mailing list