I am having trouble with this pf configuration: it seems that when it is loaded, nothing can access my server on the internal interface for the LAN. I cannot see why, and it's pretty much based off the very standard example in the OpenBSD FAQ.
When I unload the configuration, I can access the DNS server on the firewall running this configuration. It seems to forward everything through to the Internet but blocks DNS, which makes it pretty useless. I've looked at it at least five times...

john@baal ~$ cat /etc/pf.conf
int_if="xl0"
ext_if="tun0"
rothbard="10.0.0.10"
baal="10.0.0.2"
smass="10.0.0.1"
tcp_services="{22}"
icmp_types="echoreq"

set block-policy return
set loginterface $ext_if
set skip on lo

match out on egress inet from !(egress:network) to any nat-to (egress:0)

block in log
pass out quick
antispoof quick for { lo $int_if }

pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services
#After this goes forwarded ports... Probably just use ssh tunnels.
pass in inet proto icmp all icmp-type $icmp_types

What is wrong? Also, can you tell me how to do this so it only needs to load once, and not be loaded by a shell script after userland pppoe successfully connects?

--
www.johntate.org
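The OpenBSD FAQ example this ruleset is based on ends with a `pass in on $int_if` rule, and that line is the one missing from the posted configuration. Because `block in log` is the default policy and nothing afterwards passes traffic arriving on the internal interface, the only packets the firewall accepts from the LAN side are the ICMP echo requests matched by the final rule; DNS queries to the firewall itself, and LAN traffic that needs to be forwarded, are dropped before any state is created. The following is an added example, not code from the original post, showing the posted ruleset with that rule restored. Interface names and addresses are the ones from the post; the macros `rothbard`, `baal` and `smass` are kept although, as in the post, nothing references them yet.

```pf
# /etc/pf.conf (added example based on the posted ruleset, with the
# missing "pass in on $int_if" rule restored from the OpenBSD FAQ example)

int_if="xl0"
ext_if="tun0"
rothbard="10.0.0.10"
baal="10.0.0.2"
smass="10.0.0.1"
tcp_services="{22}"
icmp_types="echoreq"

set block-policy return
set loginterface $ext_if
set skip on lo

# NAT for LAN traffic leaving via whichever interface is in the egress group
match out on egress inet from !(egress:network) to any nat-to (egress:0)

# Default deny inbound; everything outbound from the firewall is allowed
block in log
pass out quick
antispoof quick for { lo $int_if }

# Services reachable from the Internet on the external address
pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services
#After this goes forwarded ports... Probably just use ssh tunnels.
pass in inet proto icmp all icmp-type $icmp_types

# The rule the posted ruleset lacks: accept traffic from the LAN, both to the
# firewall itself (DNS, SSH) and for forwarding out to the Internet. Replies
# come back through the states this rule creates, so no extra rule is needed.
pass in on $int_if
```

Load it with `pfctl -nf /etc/pf.conf` first, which parses the file without installing it, and then `pfctl -f /etc/pf.conf`. On the second question, a suggestion rather than something the post confirms: the rules here already avoid depending on the PPPoE interface by using the `egress` group and the parenthesised `(egress)` forms, which pf resolves at runtime, so the only literal reference to `tun0` is `set loginterface $ext_if`. If `pfctl -nf` succeeds while the link is down, the file can simply be loaded once at boot; if it fails on that line, dropping or changing `set loginterface` is the first thing to try.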