From owner-freebsd-questions@FreeBSD.ORG Fri Mar 27 13:17:25 2009
From: Eric Magutu <emagutu@gmail.com>
To: "Michael K. Smith - Adhost" <mksmith@adhost.com>
Cc: freebsd-questions@freebsd.org
Date: Fri, 27 Mar 2009 16:17:23 +0300
Subject: Re: first firewall with pf
References: <53529.216.241.167.212.1237911183.squirrel@webmail.pknet.net> <17838240D9A5544AAA5FF95F8D52031605B4283F@ad-exh01.adhost.lan> <17838240D9A5544AAA5FF95F8D52031605B42A8F@ad-exh01.adhost.lan>

Hi,

You were right, it had to do with my topology. The firewall is working
correctly now. Thanks again for all your help.

On Thu, Mar 26, 2009 at 8:07 PM, Eric Magutu wrote:
> Hi Michael,
> I was trying to simulate the conditions of the server on a test machine.
> I'm pretty sure now I didn't take into account all the network aspects,
> silly mistake :-) It's probably my routing. I will check on my routes
> tomorrow and get back to you.
> I think there is only one active interface though.
>
>
> On Thu, Mar 26, 2009 at 7:33 PM, Michael K. Smith - Adhost <
> mksmith@adhost.com> wrote:
>
>> Hello Eric:
>>
>>
>> Hi everyone,
>>
>> Can you provide a little more information about your topology? Right now,
>> you only have one interface defined in your rules, but you are attempting to
>> pass traffic between two subnets. That would suggest you have two
>> interfaces and, if so, both need to be accounted for in your rules below.
>> You'll have to have pass/block rules for both. It looks like this:
>>
>> 172.16.0.0/16 -> le0 -> (some other interface) -> 10.0.0.0
>>
>> Could you tell me if that is correct?
>>
>> Thanks,
>>
>> Mike
>>
>> ----- Original Message Snipped -----
>> Thanks for all your input so far. I have tried to implement all your
>> suggestions but have gotten stuck. I set up a test machine in the office
>> with the ip 10.0.0.110 and encountered the following problems:
>>
>> when I enabled antispoofing the firewall didn't work
>>
>> when I tried allowing the 10.0.0.0 subnet it worked ok but when I tried
>> connecting from machines on the 172.16 subnet I was unable to connect.
>>
>> Can you please let me know what I'm doing wrong?
>> ----------------------------------------
>>
>
>
>
> --
> Regards,
> Eric Magutu
>
>

--
Regards,
Eric Magutu
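As an added illustration of Michael's point (this is not the ruleset posted in the thread, nor anything from the FreeBSD project), here is a minimal /etc/pf.conf for the two-interface layout he sketched, 172.16.0.0/16 -> le0 -> second interface -> 10.0.0.0, with pass/block rules on both interfaces and with the antispoof rules that bit Eric. Only le0, 172.16.0.0/16 and the test host 10.0.0.110 come from the thread; the second interface name em0, the /24 mask on the 10.0.0.0 network and ssh as the service being tested are assumptions for the example.

```pf
# Added example, not the ruleset from this thread: a minimal /etc/pf.conf for
# a FreeBSD host forwarding between 172.16.0.0/16 and a 10.0.0.0 network,
# with explicit rules on both interfaces as Michael describes.
# Assumed, not stated in the thread: the second interface is em0, the
# 10.0.0.0 network is a /24, and 10.0.0.110 is being reached over ssh.

if_172  = "le0"            # interface facing 172.16.0.0/16 (from the thread)
if_10   = "em0"            # assumed name of the interface facing 10.0.0.0
net_172 = "172.16.0.0/16"
net_10  = "10.0.0.0/24"    # assumed mask; the thread only says "10.0.0.0 subnet"
test_host = "10.0.0.110"

set skip on lo0
scrub in all

# "antispoof for <if>" expands to "block drop in on ! <if> from <if's network>
# to any" plus a block on packets arriving on <if> with <if>'s own address as
# source. That is only correct when each network really is behind the
# interface named here; if the routing is wrong (172.16 traffic arriving on
# em0, or everything on one interface) these rules drop legitimate packets
# and the firewall appears not to work. Enable them only after "netstat -rn"
# shows each network behind the expected interface.
antispoof quick for $if_172
antispoof quick for $if_10

# Default deny on every interface; everything below is an explicit exception.
block log all

# Hosts on 172.16.0.0/16 reach ssh on the test host. The packet enters on le0
# and is forwarded out of em0, so each leg gets its own rule. (With pf's
# default floating state policy the "pass in" state alone would also carry
# the outbound leg; the "pass out" rule keeps the intent explicit.)
pass in  quick on $if_172 inet proto tcp from $net_172 to $test_host port ssh keep state
pass out quick on $if_10  inet proto tcp from $net_172 to $test_host port ssh keep state

# Hosts on the 10.0.0.0 network may initiate anything toward 172.16.0.0/16;
# replies are matched by state, so no rule for return traffic is needed.
pass in  quick on $if_10  inet from $net_10 to $net_172 keep state
pass out quick on $if_172 inet from $net_10 to $net_172 keep state

# Management access to the firewall itself, from the 10.0.0.0 side only.
pass in quick on $if_10 inet proto tcp from $net_10 to ($if_10) port ssh keep state
```

Before loading, parse it with `pfctl -nf /etc/pf.conf`; after `pfctl -f /etc/pf.conf`, `pfctl -sr` prints the expanded antispoof block rules so you can see exactly which source networks are being rejected on which interface. The host also has to be forwarding at all (`gateway_enable="YES"` in /etc/rc.conf on FreeBSD), and the 172.16 and 10.0.0.0 hosts need routes that point at this box, which is the part Eric found was missing in his test setup.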