[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: my firewall



R T wrote:
Hello folks. Thanks to everyone who responded to my problem. The laptop can use the internet now, however it wont resolve host names properly. For example, it wouldnt connect to www.google.ca but it would to 64.233.167.104 Same for IRC, xhat wouldnt connect to eu.undernet.org but it would connect to 195.68.221.221 ...wierd, huh?

Heres the pf.conf Im using:
===========================
# Gatewolf pf rules
#
ext_if = "xl0"
int_if = "ep1"

nat on $ext_if from 192.168.1.2 to any -> ($ext_if)

block in  log all
block out log all

pass in quick on lo0 all
pass out quick on lo0 all

pass in  quick on $int_if from any to any
pass out quick on $int_if from any to any

pass quick all
===========================

Ummm... You are wide open to the outside world... Get rid of that last line ASAP.


You should probably study some real-world examples to get a feel for how your pf.conf should be structured. Luckily, you can browse to https://solarflux.org/pf/ where I've compliled a (now aging) list of good examples to learn (and create a solid pf.conf) from. You can also visit #pf on irc.freenode.net and ask questions there; you might not get a response right away, since most everyone there lurks (myself included), but there are some knowledgeable people hanging around #pf.

Sorry to hijack the thread, but asking basic questions here is generally frowned upon.

-S