From: steve lasiter
To: freebsd-pf@freebsd.org
Date: Sat, 29 Apr 2006 07:58:35 -0700 (PDT)
Subject: first question

I've used ipfilter and now have just loaded FreeBSD 6.1 with PF to configure for a gateway/firewall/router w/3 NICs for a new network at the office.

My topology:

                 INTERNET
                     |
                     |
             --------|---------
          66.190.186.13 (EXT_NIC)
             GATEWAY/FIREWALL      10.0.0.0/24 ---switch----DMZ webserver
                                   (DMZ_NIC)
          192.168.0.0/24 (INT_NIC)
             --------|----------
                     |
                     |
             SBS 2003 box w/ISA
                     |
                   switch
                     |
                    LAN

Questions:

1) I need to allow access on ports 25, 80 and 443 to the Small Business Server 2003 box for remote access, but I want all non-office-related traffic on ports 80 and 443 to go to the DMZ webserver. Can you give some insight on how I might route this using PF?

2) Can someone provide a good base set of rules that they have established for a similar topology? This should get me started.

Thanks for all the input.

Steve L