padilla,

Perhaps if you take a step back and look at an example of pf, everything
might make more sense. It might help if you had a working pf.conf to learn
from and a basic explanation of what each part of pf does.

   OpenBSD Pf Firewall "how to" ( pf.conf )
   http://calomel.org/pf_config.html

This example might be more than you really wanted for your machine, but it
should point you in the right direction for a secure nat'ed firewall. When
you become more fluent in pf, I have included a few of the more useful
options in the same example. If you have any questions I would be happy to
help.

--
 Calomel @ http://calomel.org


On Fri, Oct 05, 2007 at 08:25:26AM -0400, a.padilla wrote:
>ext_if ="rl0"  #macro for external interface
>int_if ="dc0"  #macro for internal interface
>
>localnet= $int_if:network
>
>nat on $ext_if from $localnet to any -> ($ext_if)
>#block in
>pass out keep state
>
>
>pass out on $ext_if proto tcp all
>pass inet proto tcp from {lo0, $localnet} to any keep state
>
>
>I commented out "block in" for testing purposes. Still, no success.
>If you know what's wrong, please don't just answer.  I want to
>understand the solution.
>
>IP forwarding is set to 1 and pf is enabled.
>
>On Oct 4, 2007, at 11:50 AM, Roman Strogin wrote:
>
>> On 10/4/07, a.padilla <[EMAIL PROTECTED]> wrote:
>>> Hi, I'm a student trying to learn pf on my own.  I'm trying to set up
>>> a nat.  I've read  documentation yet I still can't get the internal
>>> machine to communicate to the outside world.
>>>
>>> I've been following this documentation:
>>> http://www.openbsd.org/faq/pf/nat.html
>>>
>>> before I go any further, is this the correct place to ask this sort
>>> of question?
>>
>> 1) Have you enabled IP forwarding or, in other words, have you
>> uncommented the following lines in your /etc/sysctl.conf:
>> net.inet.ip.forwarding=1
>> net.inet6.ip6.forwarding=1
>> 2) Show your pf.conf.
>>
>> Roman.