first firewall with pf

Eric Magutu emagutu at gmail.com
Fri Mar 27 06:17:25 PDT 2009


Hi,
You were right it had to do my topology. The firewall is working correctly
now.

Thanks again for all you help

On Thu, Mar 26, 2009 at 8:07 PM, Eric Magutu <emagutu at gmail.com> wrote:

> Hi Micheal,
> I was trying to simulate the conditions of the server on a test machine.
> I'm pretty sure now I didn't take into account all the network aspects,
> silly mistake :-) Its probably my routing. I will check on my routes
> tomorrow and get back to you.
> I think there is only one active interface though.
>
>
> On Thu, Mar 26, 2009 at 7:33 PM, Michael K. Smith - Adhost <
> mksmith at adhost.com> wrote:
>
>> Hello Eric:
>>
>>
>> Hi everyone,
>>
>> Can you provide a little more information about your topology?  Right now,
>> you only have one interface defined in your rules, but you are attempting to
>> pass traffic between two subnets.  That would suggest you have two
>> interfaces and, if so, both need to be accounted for in your rules below.
>>  You'll have to have pass/block rules for both.  It looks like this:
>>
>> 172.16.0.0/16 -> le0 <firewall> -> (some other interface) -> 10.0.0.0
>>
>> Could you tell me if that is correct?
>>
>> Thanks,
>>
>> Mike
>>
>> ----- Original Message Snipped -----
>> Thanks for all your input so far. I have tried to implement all you
>> suggestions but have gotten stuck. I set up a test machine in the office
>> with the ip 10.0.0.110  and encountered the following problems:
>>
>> when I enables antispoofing the firewall didn't work
>>
>> when I tried allowing the 10.0.0.0 subnet it worked ok but when i tried
>> connecting from machines on the 172.16 subnet I was unable to connect.
>>
>> Can you please let me know what I'm doing wrong?
>> ----------------------------------------
>>
>
>
>
> --
> Regards,
> Eric Magutu
>
>


-- 
Regards,
Eric Magutu


More information about the freebsd-questions mailing list