2009/2/23 Jason Dixon <ja...@dixongroup.net>:
> ##########################################################
> 00 ext_if = "sk0"
> 01 int_if = "sk1"
> 02
> 03 set skip on lo
> 04
> 05 scrub in
> 06
> 07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
> 08
> 09 block in log all
> 10 pass in on $int_if inet keep state
> ##########################################################

I tried this and I'm afraid it doesn't work. I can't ping anymore,
neither from my own box nor from the firewall. This setup is basically
what I also found in the books I have, I guess. :-(

DHCP works (i.e. my box gets an IP from the DHCP daemon on the
firewall) and I can see maradns receiving requests from localhost (the
firewall) and from the int_if (my box) when I try to ping something.
It's all blocked by the firewall, though.

I don't think it should matter but the only "special" thing about my
setup is that my external IP is on 192.168.1.0/24. Yes, that's my
*external* network. No more IPv4 address shortages for my ISP. :-)

Please also see my next reply.
