Hello Misc! I have a problem with pf.

I don't understand why, but for some reason it won't let ports 80 - 15352 pass even though I have set it up in the configuration. It's been done according to the FAQ and pfctl -nf doesn't return any errors at all! Also, NAT in the internal network and all communications from the int_if to the OpenBSD are fine!

I am pasting the conf below so you can tell me if you see something wrong.

Thank you for your time!

Best Regards
Alex

int_if = "rl0"
ext_if = "tun0"

core = "192.168.0.1"
giouli = "192.168.0.2"
lydia = "192.168.0.3"
icall = "192.168.0.4"
laptop = "192.168.0.69"
wifi = "192.168.0.227"

clients = "{" $core $giouli $lydia $icall $laptop $wifi "}"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

set skip on lo0

scrub in all

nat on $ext_if from { 192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.69 192.168.0.227 } to any -> ($ext_if)

rdr on $ext_if proto tcp from any to ($ext_if) port 5060 -> $core port 5060
rdr on $ext_if proto tcp from any to ($ext_if) port 5061 -> $core port 5061
rdr on $ext_if proto udp from any to ($ext_if) port 5060 -> $core port 5060
rdr on $ext_if proto udp from any to ($ext_if) port 5061 -> $core port 5061

block all

antispoof quick for $ext_if inet

pass in on $ext_if inet proto tcp from any to ($ext_if) port 15352 flags S/SA keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) port www flags S/SA synproxy state

pass in on $ext_if proto udp from any to any port 5060 keep state
pass in on $ext_if proto udp from any to any port 5061 keep state
pass in on $ext_if proto tcp from any to any port 5060 keep state
pass in on $ext_if proto tcp from any to any port 5061 keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto {udp, icmp} all keep state

pass in on $int_if from $int_if:network to any
pass out on $int_if from any to $int_if:network