Date: Thu, 13 Dec 2007 13:25:35 +0200
From: Ghirai
To: "Alaor Barroso de Carvalho Neto"
Cc: freebsd-questions@freebsd.org
Subject: Re: PF blocking even if set to pass all

On Thu, 13 Dec 2007 09:19:03 -0200
"Alaor Barroso de Carvalho Neto" wrote:

> Hi guyz, like I've said in other topic, I'm building a BSD box that'll act
> as a gateway between three private networks and the internet. I want that
> each private network can ping to each other, and I can do that till I
> activate my pf firewall. When I do pfctl -e it stops working.
>
> The output of pfctl -sr is:
> pass in all
> pass out all
>
> So I guess it would pass anything, why it isn't happening?
>
> Hugs,
> Alaor

You need to specify from/to what interface it should pass (if you have
more than one NIC, which I assume you do, since the box is acting as a
router).

I suggest you read this tutorial/book:
http://www.bsdly.net/~peter/pf.html

It explains what you want to do in detail.

-- 
Regards,
Ghirai.