From: peter@bgnett.no (Peter N. M. Hansteen)
To: freebsd-questions@freebsd.org
Date: Mon, 25 Apr 2005 17:15:32 +0200
Subject: Re: PF problem!!!
Message-ID: <867jiqopkb.fsf@amidala.datadok.no>
References: <20050425124134.A19F04BEAD@ws1-1.us4.outblaze.com>
In-Reply-To: <20050425124134.A19F04BEAD@ws1-1.us4.outblaze.com> (Fafa Diliha Romanova's message of "Mon, 25 Apr 2005 07:41:34 -0500")

"Fafa Diliha Romanova" writes:

> My question is: Why do I have to type this after every time I've rebooted
> to make my NAT gateway server allow Internet access to my workstation?

Your rule set does not contain any rules which let packets pass *in* on
your internal interface. Remember, pf.conf is seen from the firewall's
perspective.
Traffic passes IN from elsewhere on either interface to the firewall,
OUT to elsewhere on either interface. You have rules which let traffic
pass in to the firewall on the external interface and out from the
firewall on the external interface, but none which let traffic in on the
internal interface.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
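
The direction semantics described in the reply above, shown as a pf.conf for a two-interface NAT gateway. This is an added example, not the poster's rule set or anything from the thread; the interface names, the default-deny policy and the ssh rule are assumptions.

```conf
# Constructed example for a two-interface NAT gateway (FreeBSD pf syntax).
# Interface names, default-deny policy and the ssh rule are assumptions.
ext_if = "fxp0"    # assumed external (Internet-facing) interface
int_if = "fxp1"    # assumed internal (LAN-facing) interface

# Translation: rewrite LAN source addresses to the external address.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny: anything not explicitly passed below is dropped.
block all
pass quick on lo0 all

# External interface, matching the situation the reply describes:
# IN to the firewall and OUT from the firewall are both covered.
pass in  on $ext_if inet proto tcp from any to ($ext_if) port 22 keep state
pass out on $ext_if inet from any to any keep state

# Internal interface: a packet from a workstation first arrives IN on
# $int_if. Without this rule it hits "block all" there, before NAT and
# the pass-out rule on $ext_if ever see it.
pass in on $int_if inet from $int_if:network to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the rules currently loaded, which shows whether a `pass in` rule for the internal interface is present.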