> rl0 is connected to the internet.
> On Oct 5, 2007, at 12:52 PM, ropers wrote:
>
> > On 05/10/2007, a.padilla <[EMAIL PROTECTED]> wrote:
> >> I commented everything out except the nat rule and
> >> "pass out keep state"
> >>
> >> still nothing.
>
> > delete "pass out keep state"

This will not work alone. Insert "pass quick all" as a temporary test. If you can move traffic from your internal net through your firewall with this rule enabled, comment it out and then start developing your ruleset.

Unless I'm missing a piece of your pf.conf, you have no rule that is allowing inbound traffic from your internal network to your internal interface. You must explicitly allow traffic into the firewall. "pass out keep state" would only allow a state to be created on traffic originating at the firewall itself.

-- 
Joe
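
The two stages described in the reply above, written out as a pf.conf sketch. This is an added example, not a ruleset posted in the thread: `rl0` is the Internet-facing interface named in the thread, while the internal interface name `fxp0`, the macro names, and the `block all` default policy are assumptions. It uses the `nat on ... ->` rule form that pf used in 2007.

```conf
# Added example, not from the thread.
# rl0 is the Internet-facing NIC (from the thread); fxp0 is an ASSUMED name
# for the internal NIC. Replace it with the real interface.
ext_if = "rl0"
int_if = "fxp0"

# Translation: rewrite internal source addresses to whatever address rl0 holds.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Stage 1 (temporary test only): pass everything, stop evaluating at this rule.
# If internal hosts can reach the Internet with this line enabled, NAT and
# routing are working and the remaining problem is in the filter rules.
# Comment it out again before going further.
# pass quick all

# Stage 2: the ruleset proper, assuming a default-deny policy.
block all

# Traffic from the internal network must be explicitly allowed INTO the
# firewall on the internal interface.
pass in on $int_if from $int_if:network to any keep state

# The same traffic must also be allowed OUT of the external interface,
# where the state for the translated connection is created.
pass out on $ext_if from any to any keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, then confirm the loaded rules with `pfctl -sr` and watch states appear with `pfctl -ss` while an internal host generates traffic.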