On Thu, Nov 23, 2006 at 12:38:05PM +1100, [EMAIL PROTECTED] wrote:
> The PF router I set up is an Internet router that allows people to access the
> Internet.
> But in the meantime, this PF router is also connected to a local freebsd server.
> As a user behind the PF router, I also want to ssh into the local freebsd
> server (10.1.10.2).
> But currently I'm not able to ssh into this local server through the PF router.
>
> The current NAT rules in the PF router are set up as:
>
> # pfctl -a NATRULES -sn
> nat on sis0 inet from 192.168.1.0/24 to any -> (sis0) round-robin
> nat on sis0 inet from 172.17.3.0/24 to any -> (sis0) round-robin
> nat on sis0 inet from 10.1.10.0/24 to any -> (sis0) round-robin
>
> I'm connected to the 172.17.3.0/24 network. The local freebsd server is
> connected to the 10.1.10.0/24 network.
>
> And the PF router is already set up as a default gateway.
>
> How can I modify the PF rules so that I can login from 172.17.3.0/24 to
> the 10.1.10.0/24 network?

Are they both on the LAN side of the PF box? I assume sis0 is the WAN
interface, but you don't say which is which.

You will need an interface alias on each network, and you will need to do
something like:

  pass quick on $lan_if from $lan_if:network to $lan_if:network

That rule will expand to each network, so you can communicate between them
through the router.

-- 
"Cryptography is nothing more than a mathematical framework for discussing
various paranoid delusions." -- Don Alvarez
<URL:http://www.subspacefield.org/~travis/> -><-
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
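
Added example, not part of the original thread: a pf.conf fragment that puts the reply's broad rule next to a narrower one allowing only SSH from the poster's network to the one server. It assumes sis0 is the WAN interface (as the reply does), that both networks sit on one LAN interface via aliases, that the interface is named sis1 (a hypothetical name), and a pf version where "keep state" must be written explicitly.

```conf
# Constructed for the addresses quoted in this thread; interface names
# other than sis0 are assumptions.
ext_if     = "sis0"            # WAN, as the reply assumes
lan_if     = "sis1"            # hypothetical LAN interface carrying both aliases
client_net = "172.17.3.0/24"   # network the poster is connected to
ssh_host   = "10.1.10.2"       # local FreeBSD server

# Broad form from the reply: passes every protocol between every pair of
# networks configured on $lan_if, including 192.168.1.0/24 if it is
# aliased there too.
# pass quick on $lan_if from $lan_if:network to $lan_if:network

# Narrow form: only new TCP connections to port 22 on the one server,
# and only from the client network. There is no "in" or "out" keyword,
# so the rule matches the packet both when it enters $lan_if and when
# it is forwarded back out of the same interface.
pass quick on $lan_if inet proto tcp \
    from $client_net to $ssh_host port 22 \
    flags S/SA keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` shows how the loaded rule was expanded.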