Hello.
My ruleset is all twisted.
Unless I disable the default deny policy, this is what happens:
* My nameserver setup goes disfunctional.
* My web, mail and fileserver goes disfunctional.
* I cannot SSH and FTP into certain servers.
* I cannot ping my IP from the outside.
Can anyone tell what's wrong?
And maybe also how I can simplify my ruleset?
int_if="ep0"
ext_if="lnc0"
# *** Options
#
set block-policy drop
# *** Scrub incoming packets
#
scrub in all
# *** NAT
#
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any \
port 21 -> 127.0.0.1 port 8021
# *** Default deny policy
#
# block drop log all
# *** Pass loopback traffic
#
pass quick on { lo0 $int_if }
# *** Outgoing
#
pass out on $ext_if inet proto { tcp, udp, icmp } \
from ($ext_if) to any keep state
# *** Bootstrap
#
pass out on $ext_if inet proto udp \
from any port 68 to any port 67 keep state
# *** DNS and NTP
#
pass out on $ext_if inet proto udp \
from ($ext_if) to any port { 53, 123 } keep state
# *** SSH, HTTP and Ident
#
pass in on $ext_if inet proto tcp \
from any to ($ext_if) port { 22, 80, 113 } flags S/SA keep state
# *** Active FTP
#
pass in on $ext_if inet proto tcp \
from port 20 to ($ext_if) user proxy flags S/SA keep state
Thank you so much.
Keep in touch!
--
Fafa Hafiz Krantz
Research Designer @ http://www.bleed.no
--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm
