Date: Thu, 6 Mar 2008 15:02:20 -0300
From: "Alaor Barroso de Carvalho Neto" <alaorneto@gmail.com>
To: "Erik Norgaard" <norgaard@locolomo.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Please help me with my PF config
Message-ID: <2949641c0803061002t1861694ajb5ce75559a23bc33@mail.gmail.com>
In-Reply-To: <47D00412.40803@locolomo.org>
References: <2949641c0803060554q2ecba5e7g7920bf0b252277c9@mail.gmail.com> <47D00412.40803@locolomo.org>

2008/3/6, Erik Norgaard <norgaard@locolomo.org>:
>
> You can add log statements to your nat rules to see which is applied.
>
> > pass quick proto icmp from any to any keep state
> > pass quick from $adm_net to $cefet_servers keep state
> > pass quick from $cefet_servers to $adm_net keep state
>
> It appears that ping is passed by the first rule, but other protocols
> are not matched in the second/third rule.
>
> > block quick from any to $cefet_net
> > block quick from $cefet_net to any
>
> Then it is probably blocked here.

Thanks, brother, it worked. I need the NAT to work with the firewall config of the other school. Then I saw in the log that the traffic going through the 10.10.0.50 (my if) to the servers was being blocked. For me, saying that adm_net should communicate with cefet_server would be enough for the firewall to understand that it should pass through any if on the way.

I know my config is far from a good config, but it's the first time I have configured a firewall, and I have only basic English knowledge. I'm not totally sure about what I can and cannot do, even though I read the tutorials, because my English skills aren't good enough. The "IN" and "OUT" stuff is still very confusing for me. But thanks a lot, it's working now.

Hugs,
Alaor Neto

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2949641c0803061002t1861694ajb5ce75559a23bc33>
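
Added example, not part of the original message or of pf itself: a small Python model of first-match `quick` evaluation over the five rules quoted above, showing why ICMP passes while other traffic arriving at the filter with source 10.10.0.50 falls through to the first block rule. The network ranges are constructed, since the macro definitions are not shown in this message, and the assumption that NAT has already rewritten the source to 10.10.0.50 when the packet is filtered is drawn from the log observation described above.

```python
import ipaddress

# Constructed sample ranges: the thread does not show the macro definitions.
ADM_NET = ipaddress.ip_network("192.168.1.0/24")
CEFET_NET = ipaddress.ip_network("10.10.0.0/16")
CEFET_SERVERS = ipaddress.ip_network("10.10.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
NAT_ADDR = "10.10.0.50"  # interface address named in the message

# (action, protocol or None for any, source, destination), in the quoted order.
# Every rule in the message carries "quick", so the first match decides.
RULES = [
    ("pass", "icmp", ANY, ANY),
    ("pass", None, ADM_NET, CEFET_SERVERS),
    ("pass", None, CEFET_SERVERS, ADM_NET),
    ("block", None, ANY, CEFET_NET),
    ("block", None, CEFET_NET, ANY),
]


def evaluate(proto, src, dst):
    """Return (rule_number, action) for the first rule matching the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, rule_proto, rule_src, rule_dst) in enumerate(RULES, 1):
        if rule_proto in (None, proto) and s in rule_src and d in rule_dst:
            return number, action
    return None, "pass"  # pf passes a packet that matches no rule


if __name__ == "__main__":
    server = "10.10.1.5"    # constructed host inside CEFET_SERVERS
    client = "192.168.1.20"  # constructed host inside ADM_NET
    packets = [
        ("tcp", client, server),     # seen with its original source
        ("tcp", NAT_ADDR, server),   # same flow after source translation
        ("icmp", NAT_ADDR, server),  # ping after source translation
    ]
    for proto, src, dst in packets:
        print(proto, src, "->", dst, evaluate(proto, src, dst))
```

The translated TCP packet no longer has a source inside `$adm_net`, so rule 2 cannot match it and rule 4 blocks it, while ICMP is passed by rule 1 regardless of addresses.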