Is pf enabled? Sounds like it's just acting as a router at the mo to me...
pfctl -ef /etc/pf.conf
On 2 Dec 2008, at 15:10, - Tethys wrote:
Hi...
The hard drive on my firewall machine died overnight, so I rebuilt
it with a new hard drive this morning. I grabbed the most recent
OpenBSD CD I had to hand (which was 3.8 -- yes, I know, and the
order for 4.4 followed as soon as I got to work and had net access
again).
The problem is that while I have net access from the firewall itself,
I don't from any of the machines on my internal network. After playing
with tcpdump, it seems that packets are coming in fine on the internal
interface, and are leaving on the external interface, but are not
being NATed on the way through. Nothing is being logged on pflog0.
My internal interface is 192.168.8.1, and the external interface is
10.0.8.224/28. My minimal pf.conf[1] looks like:
int = "fxp0"
ext = "rl0"
nat on rl0 from 192.168.8.4 to any -> 10.0.8.230
block in log
pass in log quick on $int
pass out log on $ext keep state
192.168.8.4 is the test machine I'm using on the internal network.
Yet packets from that machine are leaving rl0 with a source IP of
192.168.8.4, not 10.0.8.230 as the NAT rule implies they should be.
Obviously I'll reinstall with 4.4 when it arrives, but in the meantime,
I'm stuck without net access for most of the machines in the
house, and urgently need to sort this out.
Any ideas on where I might be going wrong, and what I can do to fix it?
Thanks,
Tet
[1] Obviously the real one will be somewhat more complex, but I need
to get something working first, and then I'll build a pf.conf
that does what I need.
--
Perl is like vise grips. You can do anything with it but it is the
wrong tool for every job. -- Bruce Eckel
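
The two symptoms in this thread (nothing NATed, nothing logged on pflog0) can be checked mechanically. The script below is an added example, not part of either message: it reads `pfctl -s info` output and a `tcpdump -n` capture from the external interface and reports whether pf is disabled or whether internal source addresses are leaving untranslated. The sample text and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a live firewall, feed it real output instead of the samples:
#   diagnose "$(pfctl -s info)" "$(tcpdump -n -c 50 -i rl0 2>/dev/null)" 192.168.8

# Constructed samples: pf switched off, internal host visible on the wire.
SAMPLE_INFO='Status: Disabled                               Debug: err'
SAMPLE_DUMP='15:10:01.000001 192.168.8.4.51234 > 198.51.100.7.80: S 1:1(0) win 16384
15:10:01.000002 10.0.8.230.60001 > 198.51.100.7.53: udp 29
15:10:02.000003 192.168.8.4 > 198.51.100.7: icmp: echo request'

# Reads `pfctl -s info` text on stdin; succeeds only if pf is enabled.
pf_enabled() {
    grep -q '^Status: Enabled'
}

# Reads tcpdump -n text on stdin; prints each distinct source address that
# falls inside the internal prefix given as $1 (three octets, e.g. 192.168.8).
unnatted_sources() {
    awk -v p="$1." '
    {
        for (i = 2; i <= NF; i++) if ($i == ">") {
            # Source is a.b.c.d or a.b.c.d.port; keep the first four octets.
            n = split($(i - 1), o, ".")
            if (n >= 4) {
                ip = o[1] "." o[2] "." o[3] "." o[4]
                if (index(ip, p) == 1) seen[ip] = 1
            }
            break
        }
    }
    END { for (ip in seen) print ip }' | sort
}

# $1 = pfctl -s info text, $2 = tcpdump text, $3 = internal prefix.
diagnose() {
    leaks=$(printf '%s\n' "$2" | unnatted_sources "$3")
    if ! printf '%s\n' "$1" | pf_enabled; then
        echo "pf-disabled"            # rules are loaded or not, but never applied
    elif [ -n "$leaks" ]; then
        echo "nat-rule-not-matching"  # pf is on, yet private sources escape
    else
        echo "ok"
    fi
}

diagnose "$SAMPLE_INFO" "$SAMPLE_DUMP" 192.168.8
```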