
newbie question


Hi

I’m currently trying to run an OpenBSD firewall. I’ve read the man pages, but I’m probably doing something wrong…

I’m running OBSD 3.2 stable with NAT (NAT works fine); now I’m playing with pf rules.

e.g.

dc1 – external xxx.xxx.xxx.xxx

dc0 – internal 192.168.1.1

scrub in all

nat on dc1 from 192.168.0.0/16 to any -> xxx.xxx.xxx.xxx

block in log quick on dc1 proto { tcp, udp } from any to xxx.xxx.xxx.xxx port { 5432, 5801, 5901, 6001 }

block out log quick on dc1 from ! xxx.xxx.xxx.xxx to any

block in quick on dc1 from any to 255.255.255.255

block in log quick on dc1 from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any

pass in log all

pass out all

So I’m trying to block these ports, but it doesn’t work: I’m still able to connect to postgres running on that machine…

(I know that I can block it in pg_hba.conf, but that’s not the question.) Even if I put both pass rules in front of the block rules,

as I was advised on [email protected], nothing changes.

And the last question:

The machine is a Pentium Pro 200 MMX with 64MB SIMM RAM, two DEC 21142/3 interfaces and a 2.5GB 3600rpm IDE drive.

It’s an old machine. Can I use it as a firewall/NAT for approximately 200 win computers? (campus)

Thank you

Hunci

Peter Huncar

SP SCCh FChPT STU
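An added example, not the poster's pf.conf: a rewrite of the ruleset above that also blocks the listed ports on the internal interface. In pf, a rule written with "on dc1" is only evaluated for packets that arrive on dc1, so a test client on the 192.168.x.x LAN (assumed here to be where the connection attempt was made) reaches postgres through dc0 and never hits that block rule; "quick" already makes the block rules win over the later pass rules whatever their order. Interface names, the internal address 192.168.1.1 and the port list are taken from the post; the macro names and the placeholder xxx.xxx.xxx.xxx for the public address are assumptions.

```pf
# Added example for OpenBSD 3.2 pf.conf (not the poster's file).
# Macros are plain textual substitution; interface names and ports come
# from the post, xxx.xxx.xxx.xxx is the post's own placeholder.
ext_if = "dc1"
int_if = "dc0"
ext_addr = "xxx.xxx.xxx.xxx"
int_addr = "192.168.1.1"
int_net = "192.168.0.0/16"
local_only = "{ 5432, 5801, 5901, 6001 }"
rfc1918 = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"

scrub in all

# NAT is applied before filtering, so outbound LAN traffic is already
# translated to $ext_addr when the "block out" rule below sees it.
nat on $ext_if from $int_net to any -> $ext_addr

# Same rule as in the post, scoped to the external interface only.
block in log quick on $ext_if proto { tcp, udp } from any to $ext_addr port $local_only

# A packet from a LAN client arrives on $int_if, not $ext_if, so the rule
# above never sees it.  Block the same ports here as well, for either of
# the firewall's own addresses.  "quick" ends evaluation at this rule, so
# the later "pass in log all" cannot override it.
block in log quick on $int_if proto { tcp, udp } from any to { $ext_addr, $int_addr } port $local_only

# Never emit packets with a spoofed/untranslated source on the outside.
block out log quick on $ext_if from ! $ext_addr to any

# Drop broadcast and private-source traffic arriving from the outside.
block in quick on $ext_if from any to 255.255.255.255
block in log quick on $ext_if from $rfc1918 to any
block in log quick on $ext_if from 255.255.255.255/32 to any

pass in log all
pass out all
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `pfctl -vsr` then prints each loaded rule with its match and byte counters, which shows directly whether a test connection hit the intended block rule, and `tcpdump -n -e -ttt -i pflog0` shows the packets the logged rules dropped. Note that a connection made on the firewall itself to 127.0.0.1 traverses lo0, which none of these rules cover.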