[pf4freebsd] Re: nat dynamic ip interface
Amir S.
amir at boom.org.il
Wed Sep 15 21:02:53 PDT 2004
On Tue, Mar 16, 2004 at 11:16:32AM +0100, Max Laier wrote:
>
>On Tue, Mar 16, 2004 at 10:57:34AM +0200, Amir S. wrote:
>> pass out on $adsl_if proto tcp all modulate state flags S/SA group whe=
el
>> pass out on $adsl_if proto { udp, icmp } all keep state group wheel
>
>This seems bogus as there should not be any ip traffic on $adsl_if. All
>traffic there should be encapsulated inside of PPPoE packets. Take a loo=
k at
>the counters to see if these rules are matched at all. (pfctl -vsr)
I'm using those rules to allow access from my machine to the adsl modem.
my adsl modem provides web, telnet access for status, reboot, etc.
--=20
Amir.
-- Attached file included as plaintext by Ecartis --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAVtcn6GJjqfuvOIgRAtU3AJ48xHIgZt0iDryF7YpbTXLKztMBSgCfeDkm
EvNFcjP+1dTwF4wB6VP+JQg=3D
=3D/+O6
-----END PGP SIGNATURE-----
More information about the freebsd-pf
mailing list