Re: pf problem
What about adding a rule like this one at the top of your pf.conf to allow packets to pass through lo0:
pass quick on lo0 all
I think it can help...
On Thu, Oct 16, 2003 at 02:39:50PM +0200, Erdei Zsolt wrote:
> Hi Ppl,
>
> I attached to my mail my pf.conf...
> If I load it, the gateway machine cannot answer localnet ping etc...
>
> What should be the problem?
>
> Zsolt Erdei
> vpn = "{ 80.244.0.0/16, 62.201.0.0/16, 80.98.0.0/16, 213.222.0.0/16, 84.182.0.0/16, 212.51.122.2 }"
> mgmip = "{ 192.168.0.33, 192.168.0.34, 192.168.0.69, 192.168.0.96}"
> lanif = "em0"
> lanip = "192.168.0.254"
> lannet = "192.168.0.0/24"
> intif = "{tun0, em2}"
> ext1if = "tun0"
> ext2if = "em2"
> ext1gw = "62.112.192.134"
> ext2gw = "62.201.64.1"
> denitcp = "{4000}"
> protok = " {tcp, udp}"
>
> rdr on $intif proto tcp from any to 62.68.162.25 port 80 -> 192.168.0.101 port 80
> rdr on tun0 inet proto tcp from any to any port 22222 -> 192.168.0.69 port 22
>
> nat on $ext1if from $lannet to any -> $ext1if
> nat on $ext2if from $lannet to any -> $ext2if
>
> pass out on $lanif from any to $lannet
> pass in quick on $lanif from $lannet to $lanif
>
> pass in on $lanif route-to { ($ext1if $ext1gw), ($ext2if $ext2gw) } round-robin proto tcp from $lannet to any flags S/SA modulate state
> pass in on $lanif route-to { ($ext1if $ext1gw), ($ext2if $ext2gw) } round-robin proto { udp, icmp } from $lannet to any keep state
>
> pass out on $ext1if route-to ($ext2if $ext2gw) from $ext2if to any
> pass out on $ext2if route-to ($ext1if $ext1gw) from $ext1if to any
>
> #block in log on $intif proto tcp from any to any port 1723
> #pass in quick on $intif proto tcp from $vpn to 62.68.162.25 port 1723
>
> block in log on $lanif proto tcp from any to $lanip port 22
> pass in quick on $lanif proto tcp from $mgmip to $lanif port 22
>
> #block in on $intif proto tcp from any to any port $denitcp
> #www
> pass in quick on $intif proto tcp from any to 64.68.162.25 port 80 keep state