
Re: My firewall



On Wed, Jan 19, 2005 at 09:04:30AM -0700, R T wrote:
> Hello folks. I'm trying to get my OpenBSD 3.5 machine set up as a router. Here's the info so far:
> xl0  network card getting dhcp address from my isp
> ep1  network card hooked to my laptop  192.168.1.1 netmask 255.255.255.0
> 
> The laptop is Windows and has 192.168.1.2 as its ip. I can ping the laptop, and the laptop can ping the OpenBSD box, but so far I can't get the laptop onto the internet at all. My pf.conf is quite simple compared to some examples I've seen and I'm thinking it's too simple perhaps...
> #       $OpenBSD: pf.conf,v 1.21 2003/09/02 20:38:44 david Exp $
> #  gatewolf rules (experimental)
> #
> ext_if="xl0"
> int_if="ep1"
> internal_net="10.1.1.1/8"
> external_addr="192.168.1.1"
> 
> # Filtering: the implicit first two rules are
> pass in all
> pass out all
> 
> # block all incoming packets but allow ssh, pass all outgoing tcp and udp
> # connections and keep state, logging blocked packets.
> block in log all
> pass  in  on $ext_if proto tcp from any to $ext_if port 22 keep state
> pass  out on $ext_if proto { tcp, udp } all keep state
> 
> # pass incoming packets destined to the addresses given in table <foo>.
> pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state
> 
> # My silly rules
> pass in  on xl0 all
> pass out on xl0 all
> pass in  on ep1  all
> pass out on ep1  all
> 
> Any ideas as to what I have done wrong, folks?
> Thanks...
yeah--where's your:
  nat on $ext_if from $int_if:network to any -> ($ext_if)
-j
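
The nat rule from the reply placed in a complete minimal ruleset, as an added example that is not part of the original thread. It uses OpenBSD 3.5 pf syntax and the interface names from the post; the ssh rule, the default block and the forwarding sysctl mentioned in the comments are assumptions about the intended setup.

```pf
# Added example (not from the thread). pf only translates and filters; the
# kernel must also be forwarding packets between xl0 and ep1:
#   sysctl net.inet.ip.forwarding=1      (persist it in /etc/sysctl.conf)

# Macros
ext_if = "xl0"          # DHCP address from the ISP
int_if = "ep1"          # 192.168.1.1/24, laptop side

# Translation: in pf.conf, nat rules must come before any filter rule.
# $int_if:network expands to the network configured on ep1, so no
# hard-coded internal network macro is needed. ($ext_if) in parentheses
# makes pf follow the external address when the DHCP lease changes.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Filtering: the last matching rule wins, so start from a default block
# on the external side and log what it drops.
block in log on $ext_if all

# ssh to the firewall itself from outside
pass in on $ext_if proto tcp from any to ($ext_if) port 22 flags S/SA keep state

# Traffic leaving the external interface (already translated at this
# point); the state entry lets the replies back in past the block rule.
pass out on $ext_if proto { tcp, udp, icmp } all keep state

# Internal segment
pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and after loading, `pfctl -sn` lists the active translation rules.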