Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 27 Mar 2009 16:17:23 +0300
From:      Eric Magutu <emagutu@gmail.com>
To:        "Michael K. Smith - Adhost" <mksmith@adhost.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: first firewall with pf
Message-ID:  <e9cb8190903270617q3c900821x6fb9ebba11332499@mail.gmail.com>
In-Reply-To: <e9cb8190903261007r701b68e9y76166139ace38d7c@mail.gmail.com>
References:  <53529.216.241.167.212.1237911183.squirrel@webmail.pknet.net> <op.ura05ywcflcvyi@da1-desktop-x64> <17838240D9A5544AAA5FF95F8D52031605B4283F@ad-exh01.adhost.lan> <e9cb8190903260723y40f12cd9s7af35670f7285627@mail.gmail.com> <17838240D9A5544AAA5FF95F8D52031605B42A8F@ad-exh01.adhost.lan> <e9cb8190903261007r701b68e9y76166139ace38d7c@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hi,
You were right it had to do my topology. The firewall is working correctly
now.

Thanks again for all you help

On Thu, Mar 26, 2009 at 8:07 PM, Eric Magutu <emagutu@gmail.com> wrote:

> Hi Micheal,
> I was trying to simulate the conditions of the server on a test machine.
> I'm pretty sure now I didn't take into account all the network aspects,
> silly mistake :-) Its probably my routing. I will check on my routes
> tomorrow and get back to you.
> I think there is only one active interface though.
>
>
> On Thu, Mar 26, 2009 at 7:33 PM, Michael K. Smith - Adhost <
> mksmith@adhost.com> wrote:
>
>> Hello Eric:
>>
>>
>> Hi everyone,
>>
>> Can you provide a little more information about your topology?  Right now,
>> you only have one interface defined in your rules, but you are attempting to
>> pass traffic between two subnets.  That would suggest you have two
>> interfaces and, if so, both need to be accounted for in your rules below.
>>  You'll have to have pass/block rules for both.  It looks like this:
>>
>> 172.16.0.0/16 -> le0 <firewall> -> (some other interface) -> 10.0.0.0
>>
>> Could you tell me if that is correct?
>>
>> Thanks,
>>
>> Mike
>>
>> ----- Original Message Snipped -----
>> Thanks for all your input so far. I have tried to implement all you
>> suggestions but have gotten stuck. I set up a test machine in the office
>> with the ip 10.0.0.110  and encountered the following problems:
>>
>> when I enables antispoofing the firewall didn't work
>>
>> when I tried allowing the 10.0.0.0 subnet it worked ok but when i tried
>> connecting from machines on the 172.16 subnet I was unable to connect.
>>
>> Can you please let me know what I'm doing wrong?
>> ----------------------------------------
>>
>
>
>
> --
> Regards,
> Eric Magutu
>
>


-- 
Regards,
Eric Magutu



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?e9cb8190903270617q3c900821x6fb9ebba11332499>