31.05.2013 14:10, Stefan Desancic:
Hi,

Thank you for your very speedy response.
Also Attached is the config file.

Kind Regards

Stefan


# Section: Interfaces
public_if19="em0"
private_if18="em1"
mgmt_if="em1"
# End: Interfaces

# Section: Ports
Management = "{22,5555}"
ikeports = "{500,4500}"
# End: Ports

# Section: Address Table
table <CENTER-CONTACT> {192.168.50.250}
table <CONTACT-EDGE1> {192.168.50.1}
table <IP_10.0.0.1> {10.0.0.1}
table <IP_10.0.0.2> {10.0.0.2}
table <IP_192.168.50.250> {192.168.50.250}
table <LPN_192.168.100.0_24> {192.168.100.0/24}
table <LPN_192.168.50.0_24> {192.168.50.0/24}
table <CENTER-CONTACTN> {192.168.50.250}
# End: Address Table

# Section: Options
set ruleset-optimization none
set block-policy return
set skip on lo
# End: Options

# Section: Scrubbing
scrub in all
# End: Scrubbing

# Section: Anti Spoofing
antispoof quick for {$public_if19, $private_if18} inet
# End: Anti Spoofing

# Section: Firewall Rules
# Section: System Rules
block in from any to any label RuleId[111]
pass out from any to any label RuleId[112]
# End: System Rules

# Section: VPN LPN access Rules
pass from {<LPN_192.168.100.0_24>} to {<LPN_192.168.50.0_24>} tagged vpn label RuleId[140]
pass from {<LPN_192.168.50.0_24>} to {<LPN_192.168.100.0_24>} label RuleId[141]
# End: VPN LPN access Rules

# Section: User Rules
# block from any to any no state label RuleId[149]
# pass in from {<LPN_192.168.100.0_24>} to {<LPN_192.168.50.0_24>} label RuleId[151]
# pass in from {<LPN_192.168.50.0_24>} to {<LPN_192.168.100.0_24>} label RuleId[152]
pass from any to any label RuleId[157]
# End: User Rules

# Section: IPsec Rules
pass in on $mgmt_if proto {udp} from {<CENTER-CONTACTN>} to {<CONTACT-EDGE1>} port $ikeports label RuleId[117]
pass in on $mgmt_if proto {esp} from {<CENTER-CONTACTN>} to {<CONTACT-EDGE1>} label RuleId[118]
pass in on $mgmt_if proto {ipencap} from {<CENTER-CONTACTN>} to {<CONTACT-EDGE1>} tag management label RuleId[119]
pass proto {udp} from {<IP_192.168.50.250>} to {<IP_10.0.0.2>} port $ikeports label RuleId[131]
pass proto {udp} from {<IP_10.0.0.2>} to {<IP_192.168.50.250>} port $ikeports label RuleId[132]
pass proto {esp} from {<IP_192.168.50.250>} to {<IP_10.0.0.2>} label RuleId[133]
pass proto {esp} from {<IP_10.0.0.2>} to {<IP_192.168.50.250>} label RuleId[134]
pass in on $public_if19 proto {udp} from {<IP_10.0.0.2>} to {<IP_10.0.0.1>} port $ikeports label RuleId[135]
pass out on $public_if19 proto {udp} from {<IP_10.0.0.1>} to {<IP_10.0.0.2>} port $ikeports label RuleId[136]
pass in on $public_if19 proto {esp} from {<IP_10.0.0.2>} to {<IP_10.0.0.1>} label RuleId[137]
pass out on $public_if19 proto {esp} from {<IP_10.0.0.1>} to {<IP_10.0.0.2>} label RuleId[138]
pass in on $public_if19 proto {ipencap} from {<IP_10.0.0.2>} to {<IP_10.0.0.1>} tag vpn label RuleId[139]
# End: IPsec Rules

# Section: Management Rules
pass in on $mgmt_if proto {tcp} from {<CENTER-CONTACT>} to {<CONTACT-EDGE1>} port $Management tagged management label RuleId[120]
# End: Management Rules
# End: Firewall Rules

I'm missing a rule which would pass tcp connections to port 1 on any interface. However I can see a pass all rule. Remote connections should be enabled.

How is your tcpmux server configured? Can you show the output of `sockstat | grep ':1 '`?


Good Morning,

Is there a flag or a setting in the PF firewall in FreeBSD that you can set to 
allow TCPmux traffic to flow through it? The pass all rule doesn't seem to 
work, however if I disable PF completely then the TCPmux traffic flows through.

I have no problems with tcpmux and pf. Can you show your config? On my machines 
tcpmux is served from inetd on default port (1).


--
Sphinx of black quartz, judge my vow.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
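As an added illustration (not code from the thread or from pf itself), a small Python model of pf's evaluation order, last matching rule wins and a "quick" rule stops evaluation, run over the posted rules that can see an inbound TCP packet to port 1 on em1. The Rule class, the test packet and the assumption that em1 is the 192.168.50.0/24 side are mine; antispoof and scrub are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Toy model of pf evaluation order: rules are checked top to bottom, the LAST
# matching rule decides, and a "quick" rule ends evaluation at once. Only the
# fields this thread's ruleset needs are modelled; antispoof/scrub are ignored.
@dataclass
class Rule:
    label: str
    action: str                      # "pass" or "block"
    direction: Optional[str] = None  # "in", "out", or None for both
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: str = "any"
    dst: str = "any"
    dports: tuple = ()               # empty = any destination port
    tagged: Optional[str] = None     # matches only packets carrying this tag
    quick: bool = False
def _in_net(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)
def matches(r, pkt):
    return (r.direction in (None, pkt["dir"])
            and r.iface in (None, pkt["iface"])
            and r.proto in (None, pkt["proto"])
            and _in_net(pkt["src"], r.src) and _in_net(pkt["dst"], r.dst)
            and (not r.dports or pkt["dport"] in r.dports)
            and r.tagged in (None, pkt.get("tag")))

def decide(rules, pkt):
    """Return (action, label) of the winning rule; pf passes by default."""
    winner = ("pass", "default")
    for r in rules:
        if matches(r, pkt):
            winner = (r.action, r.label)
            if r.quick:
                break
    return winner

# The posted rules that can see an inbound TCP packet on em1, with macros and
# tables expanded (constructed from the pf.conf in the thread).
RULES = [
    Rule("RuleId[111]", "block", "in"),
    Rule("RuleId[112]", "pass", "out"),
    Rule("RuleId[157]", "pass"),  # pass from any to any
    Rule("RuleId[120]", "pass", "in", "em1", "tcp", "192.168.50.250",
         "192.168.50.1", (22, 5555), tagged="management"),
]
# Constructed packet: a tcpmux connection attempt from a LAN host to the firewall
TCPMUX_PKT = {"dir": "in", "iface": "em1", "proto": "tcp",
              "src": "192.168.50.10", "dst": "192.168.50.1", "dport": 1}
```

With the `pass from any to any` rule in place the model passes the packet via RuleId[157], which matches the reply above: this ruleset is not what blocks port 1, so the listener itself (the `sockstat` check) and the antispoof lines the model leaves out are the next things to verify.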
