Re: NAT, Firewall & pf

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: patrick keshishian

Date: Tuesday, February 24, 2009 - 11:38 pm

On Tue, Feb 24, 2009 at 9:48 PM, Hilco Wijbenga
<hilco.wijbenga@gmail.com> wrote:
quoted text> 2009/2/23 Jason Dixon <jason@dixongroup.net>:
>> ##########################################################
>> 00 ext_if = "sk0"
>> 01 int_if = "sk1"
>> 02
>> 03 set skip on lo
>> 04
>> 05 scrub in
>> 06
>> 07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
>> 08
>> 09 block in log all
>> 10 pass in on $int_if inet keep state

# I think you are missing a pass out on $ext_if rule
11 pass out on $ext_if

w/o 11 all inbound packets are blocked by 09.

--patrick

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

NAT, Firewall & pf, Hilco Wijbenga, (Mon Feb 23, 6:58 pm)

Re: NAT, Firewall & pf, kevin thompson, (Mon Feb 23, 9:09 pm)

Re: NAT, Firewall & pf, patrick keshishian, (Mon Feb 23, 9:32 pm)

Re: NAT, Firewall & pf, Jason Dixon, (Mon Feb 23, 9:33 pm)

Re: NAT, Firewall & pf, patrick keshishian, (Mon Feb 23, 9:37 pm)

Re: NAT, Firewall & pf, johan beisser, (Mon Feb 23, 9:47 pm)

Re: NAT, Firewall & pf, Jason Dixon, (Mon Feb 23, 9:55 pm)

Re: NAT, Firewall & pf, patrick keshishian, (Mon Feb 23, 10:11 pm)

Re: NAT, Firewall & pf, patrick keshishian, (Mon Feb 23, 10:13 pm)

Re: NAT, Firewall & pf, johan beisser, (Mon Feb 23, 10:18 pm)

Re: NAT, Firewall & pf, Toni Mueller, (Tue Feb 24, 3:09 am)

Re: NAT, Firewall & pf, (private) HKS, (Tue Feb 24, 6:52 am)

Re: NAT, Firewall & pf, Jorge Enrique Valbue ..., (Tue Feb 24, 7:38 am)

Re: NAT, Firewall & pf, Hilco Wijbenga, (Tue Feb 24, 10:08 am)

Re: NAT, Firewall & pf, Hilco Wijbenga, (Tue Feb 24, 10:10 am)

Re: NAT, Firewall & pf, (private) HKS, (Tue Feb 24, 10:48 am)

Unfortunate dot was ... missing, Jean-Francois, (Tue Feb 24, 11:43 am)

Re: Unfortunate dot was ... missing, Jason Dixon, (Tue Feb 24, 11:55 am)

Re: Unfortunate dot was ... missing, Etienne Robillard, (Tue Feb 24, 12:05 pm)

Re: Unfortunate dot was ... missing, Tim Donahue, (Tue Feb 24, 12:10 pm)

Re: Unfortunate dot was ... missing, Daniel A. Ramaley, (Tue Feb 24, 12:10 pm)

Re: Unfortunate dot was ... missing, Tony Abernethy, (Tue Feb 24, 12:12 pm)

Re: Unfortunate dot was ... missing, richardtoohey, (Tue Feb 24, 12:12 pm)

Re: NAT, Firewall & pf, Hilco Wijbenga, (Tue Feb 24, 10:48 pm)

Re: NAT, Firewall & pf, Hilco Wijbenga, (Tue Feb 24, 10:49 pm)

Re: NAT, Firewall & pf, patrick keshishian, (Tue Feb 24, 11:38 pm)

Re: NAT, Firewall & pf, Jean-Francois, (Wed Feb 25, 12:20 am)

Re: NAT, Firewall & pf, David Vasek, (Wed Feb 25, 3:45 am)

Re: NAT, Firewall & pf, ropers, (Wed Feb 25, 5:07 pm)

Re: NAT, Firewall & pf, patrick keshishian, (Wed Feb 25, 5:39 pm)

Re: NAT, Firewall & pf, Rod Whitworth, (Wed Feb 25, 6:10 pm)

Re: NAT, Firewall & pf, Jason Dixon, (Wed Feb 25, 6:15 pm)

Re: NAT, Firewall & pf, patrick keshishian, (Wed Feb 25, 6:39 pm)

Re: NAT, Firewall & pf, Jason Dixon, (Wed Feb 25, 6:50 pm)

Re: NAT, Firewall & pf, Jorge Enrique Valbue ..., (Wed Feb 25, 7:08 pm)

Re: NAT, Firewall & pf, Rod Whitworth, (Wed Feb 25, 7:14 pm)

Re: NAT, Firewall & pf, Jason Dixon, (Wed Feb 25, 7:27 pm)

Re: NAT, Firewall & pf, Rod Whitworth, (Wed Feb 25, 9:05 pm)

Re: NAT, Firewall & pf, Jason Dixon, (Wed Feb 25, 9:45 pm)

Re: NAT, Firewall & pf, patrick keshishian, (Wed Feb 25, 9:53 pm)

Re: NAT, Firewall & pf, patrick keshishian, (Wed Feb 25, 10:00 pm)

Re: NAT, Firewall & pf, ropers, (Wed Feb 25, 10:47 pm)

Re: NAT, Firewall & pf, Jason Dixon, (Wed Feb 25, 11:28 pm)


linux-kernel:
Greg Kroah-Hartman	[PATCH 041/196] kobject: add kobject_init_and_add function
Lukas Hejtmanek	Re: Another libata error related to OCZ SSD
Greg Kroah-Hartman	[PATCH 023/196] MCP_UCB1200: Convert from class_device to device
Florian Fainelli	Re: System clock runs too fast after 2.6.27 -> 2.6.28.1 upgrade
Christoph Lameter	[patch 1/4] mmu_notifier: Core code
git:
Johannes Schindelin	Re: [PATCH 1/2] Add strbuf_initf()
John Bito	[EGIT] Push to GitHub caused corruption
Jakub Narebski	Re: [PATCH 0/2] gitweb: patch view
Junio C Hamano	Re: [PATCH] When a remote is added but not fetched, tell the user.
Andy Parkins	Re: [RFC] Submodules in GIT
git-commits-head:
Linux Kernel Mailing List	ahci: Workaround HW bug for SB600/700 SATA controller PMP support
Linux Kernel Mailing List	V4L/DVB (11086): au0828: rename macro for currently non-function VBI support
Linux Kernel Mailing List	ceph: client types
Linux Kernel Mailing List	ceph: on-wire types
Linux Kernel Mailing List	crypto: chainiv - Use kcrypto_wq instead of keventd_wq
linux-netdev:
Andrew Morton	Re: [Bugme-new] [Bug 14969] New: b44: WOL does not work in suspended state
Giuseppe CAVALLARO	Re: [PATCH 03/13] stmmac: add the new Header file for stmmac platform data
Taku Izumi	[PATCH 3/3] ixgbe: add registers etc. printout code just before resetting adapters
Eric Dumazet	rps: some comments
Thomas Gleixner	Re: [RFC PATCH 02/12] On Tue, 23 Sep 2008, David Miller wrote:
openbsd-misc:
Stephan Andreas	problems with login after xlock in OpenBSD release 4.7
pmc	Make A Change. Alcoholism and Drug Addiction Treatment
ropers	Re: what exactly is enc0?
Fuad NAHDI	Re: What does your environment look like?
Matthew Szudzik	Typo on OpenBSD 4.4 CD Set