Morgan wrote:
pf.conf entries:
oif="em0"
onwr="o.o.33.40/29"
oip="o.o.33.46"
iif="em1"
inwr="i.i.10.0/24"
iip="i.i.10.1"
is1="i.i.10.15"
scrub in all
nat on $oif from $inwr to any -> $oif
rdr on $oif proto tcp from any to $oip port 1000 -> $is1 port 22
block in log all
pass in on $oif proto tcp from any to $is1 port 22 keep state
pass in on $oif proto tcp from any to $oip port 22 keep state
pass in on $iif inet from $inwr to any keep state
pass out on $oif inet from $oip to any keep state
(additional rule referred to above that needed to be added to enable outbound
connections, should not be needed?)
antispoof for $oif
antispoof for $iif

Where is your pass rule for your internal interface and for your loopback
for that matter?

pass on lo0 all
pass on em1 all

/PP

I am not running anything that is trying to use the loopback interface
on this box.
The following rule passes traffic in on the internal interface, "pass in
on $iif inet from $inwr to any keep state", and there is no rule
blocking traffic out on the internal interface.
Thanks,
Jeff
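
As an added illustration (not part of the thread and not code from either poster): a simplified Python model of pf's last-matching-rule evaluation, applied to the filter rules posted above, showing which rule decides a packet on each interface and direction. The addresses are constructed stand-ins for the obfuscated ones, and state tracking, nat/rdr and the antispoof rules are not modelled.

```python
import ipaddress

# Constructed stand-ins for the obfuscated addresses in the posted pf.conf.
OIF, IIF = "em0", "em1"
INWR = ipaddress.ip_network("192.0.2.0/24")       # assumed value for $inwr
OIP = ipaddress.ip_network("198.51.100.46/32")    # assumed value for $oip
IS1 = ipaddress.ip_network("192.0.2.15/32")       # assumed value for $is1

# Filter rules in posted order: (action, direction, interface, src, dst, dst port).
# None means "any". "proto tcp" is omitted; every sample packet is taken to be TCP.
RULES = [
    ("block", "in", None, None, None, None),   # block in log all
    ("pass", "in", OIF, None, IS1, 22),        # pass in on $oif ... to $is1 port 22
    ("pass", "in", OIF, None, OIP, 22),        # pass in on $oif ... to $oip port 22
    ("pass", "in", IIF, INWR, None, None),     # pass in on $iif inet from $inwr to any
    ("pass", "out", OIF, OIP, None, None),     # pass out on $oif inet from $oip to any
]

def matches(rule, direction, iface, src, dst, dport):
    """True when the packet satisfies every criterion the rule specifies."""
    _, r_dir, r_if, r_src, r_dst, r_port = rule
    return (r_dir == direction
            and r_if in (None, iface)
            and (r_src is None or ipaddress.ip_address(src) in r_src)
            and (r_dst is None or ipaddress.ip_address(dst) in r_dst)
            and r_port in (None, dport))

def evaluate(direction, iface, src, dst, dport, rules=RULES):
    """Return (action, index of deciding rule); index None = implicit default pass."""
    action, decided_by = "pass", None
    for i, rule in enumerate(rules):
        if matches(rule, direction, iface, src, dst, dport):
            action, decided_by = rule[0], i   # no 'quick' in use, so the last match wins
    return action, decided_by

if __name__ == "__main__":
    samples = [("in", IIF, "192.0.2.20", "203.0.113.9", 80),
               ("out", IIF, "203.0.113.9", "192.0.2.20", 80),
               ("in", OIF, "203.0.113.9", "198.51.100.46", 80),
               ("in", OIF, "203.0.113.9", "198.51.100.46", 22)]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```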