Please help me with my PF config

Alaor Barroso de Carvalho Neto alaorneto at gmail.com
Thu Mar 6 18:02:21 UTC 2008


2008/3/6, Erik Norgaard norgaard at locolomo.org:
>
> You can add log statements to your nat rules to see which is applied.
>
> > pass quick proto icmp from any to any keep state
> > pass quick from $adm_net to $cefet_servers keep state
> > pass quick from $cefet_servers to $adm_net keep state
>
> It appears that ping is passed by the first rule, but other protocols
> are not matched in the second/third rule.
>
> > block quick from any to $cefet_net
> > block quick from $cefet_net to any
>
> Then it is probably blocked here.


Thanks, brother, it worked. I need the nat to work with the firewall config
of the other school. Then, I saw in the log that the traffic going through
the 10.10.0.50 (my if) to the servers was being blocked. For me, saying that
adm_net should communicate with cefet_server would be enough for the firewall
to understand that it should pass through any if on the way.

I know my config is far away from a good config, but it's the first time I
configure a firewall, and I have only basic English knowledge. I'm not
totally sure about what I can and cannot do, even though I read the tutorials,
because my English skills aren't good enough. The "IN" and "OUT" stuff is
still very confusing for me.

But thanks a lot, it's working now.

Hugs,
Alaor Neto
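
The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of PF's first-match `quick` evaluation, in which NAT rewrites the source address before the filter rules run on the outgoing interface. The network ranges, the client 192.168.1.20 and the extra pass rule in `FIXED` are constructed assumptions; only 10.10.0.50 and the five filter rules come from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions); only 10.10.0.50 comes from the thread.
ADM_NET = ip_network("192.168.1.0/24")
CEFET_NET = ip_network("10.10.0.0/24")
CEFET_SERVERS = ip_network("10.10.0.8/29")
NAT_ADDR = ip_address("10.10.0.50")
ANY = ip_network("0.0.0.0/0")

# (action, proto or None, source, destination). Every rule is "quick" and names
# no direction or interface, so it is tried on each interface, in and out.
RULES = [
    ("pass", "icmp", ANY, ANY),
    ("pass", None, ADM_NET, CEFET_SERVERS),
    ("pass", None, CEFET_SERVERS, ADM_NET),
    ("block", None, ANY, CEFET_NET),
    ("block", None, CEFET_NET, ANY),
]
# Assumed fix (the thread does not show the final ruleset): pass the translated
# source toward the servers, placed ahead of the block rules.
FIXED = RULES[:3] + [("pass", None, ip_network("10.10.0.50/32"), CEFET_SERVERS)] + RULES[3:]

def first_quick_match(rules, proto, src, dst):
    """Return (index, action) of the first quick rule that matches the packet."""
    for i, (action, rproto, rsrc, rdst) in enumerate(rules):
        if rproto in (None, proto) and src in rsrc and dst in rdst:
            return i, action
    return None, "pass"  # PF passes a packet that no rule matches

def forward(rules, proto, src, dst):
    """Trace one forwarded packet: inbound on the LAN side, then outbound after NAT."""
    src, dst = ip_address(src), ip_address(dst)
    trace = [("in", str(src)) + first_quick_match(rules, proto, src, dst)]
    if trace[0][3] == "pass":
        if src in ADM_NET:   # nat on the outgoing interface rewrites the source
            src = NAT_ADDR   # before the filter rules see the packet
        trace.append(("out", str(src)) + first_quick_match(rules, proto, src, dst))
    return trace

if __name__ == "__main__":
    for name, rules in (("original", RULES), ("with extra pass", FIXED)):
        for proto in ("icmp", "tcp"):
            print(name, proto, forward(rules, proto, "192.168.1.20", "10.10.0.10"))
```

Each trace entry is (direction, source seen by the filter, index of the matching rule, action); the model ignores state tracking and return traffic.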

