
Re: Very Annoying problem... blocks everything...



Routing isn't an issue.
If I turn off packet filtering (pfctl -d), everything works perfectly.
I turn it on... and I can get onto the firewall from my "full access" workstations outside of the network.
I can't hit anything else in any networks while it's turned on, unless I comment out the "block all"
statements at the end.
I did have a Linux firewall in its place.  It worked great for the last few years.  But I needed something
that I could support IPSec on.  Ran some tests... and OpenBSD was the easiest and supported the most.
As for the 192.168.3.250...
[internet]---[openbsd]----[router]------[end user]
Between openbsd and router, I'm using 1918 addys.  I don't need to waste IP addresses on something that can
use private and work just the same.
Oh.. and the link...
http://www.iodamedia.net/pf.conf
Go grab it.. and tell me what I'm doing wrong!
-Shawn
> Do you have all routing set up correctly?  Is the network that
> 192.168.3.250 is on in the same subnet as one of the firewall interfaces? Or is it a separate network?
> You'd need to add a route for it if it's separate.
> I had something funky happen with my routes at one point and had to re-add.
>
> Good luck
>
>> I enable it.. what happens.. I lose connectivity to all the networks.  Nothing can see anything outside
>> of their network.
>> Do a ping from the firewall, and you get:
>>
>> ping: sendto: No route to host
>> ping: wrote 192.168.3.250 64 chars, ret=-1
>>
>>
>> Anyone have any ideas?