padilla,

Perhaps if you take a step back and look at an example of pf everything might make more sense. It might help if you had a working pf.conf to learn from and a basic explanation of what each part of pf does.

OpenBSD Pf Firewall "how to" ( pf.conf )
http://calomel.org/pf_config.html

This example might be more than you really wanted for your machine, but it should point you in the right direction for a secure nat'ed firewall. When you become more fluent in pf, I have included a few of the more useful options in the same example. If you have any questions I would be happy to help.

--
Calomel @ http://calomel.org

On Fri, Oct 05, 2007 at 08:25:26AM -0400, a.padilla wrote:
>ext_if ="rl0" #macro for external interface
>int_if ="dc0" #macro for internal interface
>
>localnet= $int_if:network
>
>nat on $ext_if from $localnet to any -> ($ext_if)
>#block in
>pass out keep state
>
>
>pass out on $ext_if proto tcp all
>pass inet proto tcp from {lo0, $localnet} to any keep state
>
>
>I commented out "block in" for testing purposes. Still, no success.
>If you know what's wrong, please don't just answer. I want to
>understand the solution.
>
>ip forwarding is set to 1 and pf is enabled.
>
>On Oct 4, 2007, at 11:50 AM, Roman Strogin wrote:
>
>> On 10/4/07, a.padilla <[EMAIL PROTECTED]> wrote:
>>> Hi, I'm a student trying to learn pf on my own. I'm trying to set up
>>> a nat. I've read documentation yet I still can't get the internal
>>> machine to communicate to the outside world.
>>>
>>> I've been following this documentation:
>>> http://www.openbsd.org/faq/pf/nat.html
>>>
>>> before I go any further, is this the correct place to ask this sort
>>> of question?
>>
>> 1) Have you enabled IP forwarding or, in other words, have you
>> uncommented following lines in your /etc/sysctl.conf:
>> net.inet.ip.forwarding=1
>> net.inet6.ip6.forwarding=1
>> 2) Show your pf.conf.
>>
>> Roman.