pf problem
- To: misc@openbsd.org
- Subject: pf problem
- From: Erdei Zsolt <woodi@rozsomak.hu>
- Date: Thu, 16 Oct 2003 14:39:50 +0200 (CEST)
- Content-ID: <Pine.LNX.4.51.0310161439480.27653@fuzion.eu.org>
Hi Ppl,
I attached to my mail my pf.conf...
If I load it, the gateway machine cannot answer for localnet ping etc...
What should be the problem?
Zsolt Erdei
vpn = "{ 80.244.0.0/16, 62.201.0.0/16, 80.98.0.0/16, 213.222.0.0/16, 84.182.0.0/16, 212.51.122.2 }"
mgmip = "{ 192.168.0.33, 192.168.0.34, 192.168.0.69, 192.168.0.96}"
lanif = "em0"
lanip = "192.168.0.254"
lannet = "192.168.0.0/24"
intif = "{tun0, em2}"
ext1if = "tun0"
ext2if = "em2"
ext1gw = "62.112.192.134"
ext2gw = "62.201.64.1"
denitcp = "{4000}"
protok = " {tcp, udp}"
rdr on $intif proto tcp from any to 62.68.162.25 port 80 -> 192.168.0.101 port 80
rdr on tun0 inet proto tcp from any to any port 22222 -> 192.168.0.69 port 22
nat on $ext1if from $lannet to any -> $ext1if
nat on $ext2if from $lannet to any -> $ext2if
pass out on $lanif from any to $lannet
pass in quick on $lanif from $lannet to $lanif
pass in on $lanif route-to { ($ext1if $ext1gw), ($ext2if $ext2gw) } round-robin proto tcp from $lannet to any flags S/SA modulate state
pass in on $lanif route-to { ($ext1if $ext1gw), ($ext2if $ext2gw) } round-robin proto { udp, icmp } from $lannet to any keep state
pass out on $ext1if route-to ($ext2if $ext2gw) from $ext2if to any
pass out on $ext2if route-to ($ext1if $ext1gw) from $ext1if to any
#block in log on $intif proto tcp from any to any port 1723
#pass in quick on $intif proto tcp from $vpn to 62.68.162.25 port 1723
block in log on $lanif proto tcp from any to $lanip port 22
pass in quick on $lanif proto tcp from $mgmip to $lanif port 22
#block in on $intif proto tcp from any to any port $denitcp
#www
pass in quick on $intif proto tcp from any to 64.68.162.25 port 80 keep state