Date: Thu, 21 Apr 2005 14:17:17 +0200
From: peter@bgnett.no (Peter N. M. Hansteen)
To: freebsd-questions@freebsd.org
Subject: Re: PF: Blocks my workstation on boot
Message-ID: <86pswol3xu.fsf@amidala.datadok.no>
In-Reply-To: <20050421094712.E50BE4BEAD@ws1-1.us4.outblaze.com> (Fafa Diliha Romanova's message of "Thu, 21 Apr 2005 04:47:12 -0500")
References: <20050421094712.E50BE4BEAD@ws1-1.us4.outblaze.com>

"Fafa Diliha Romanova" <fteg@london.com> writes:

> I have to write this command on my server after every reboot to allow
> my workstation to access the Internet through it:

Ok, so the server here is the gateway.

> # pfctl -F a ; pfctl -Nf /etc/pf.conf ; pfctl -sr

and you essentially turn off everything except the NAT rules.

I think the problem is that your rule set does not have any rules that
let packets from your local net (I assume $int_if:network) pass IN via
the firewall's lan-facing network interface.

I think a rule like

    pass in on $int_if from $int_if:network to any port $allowedports keep state

or even

    pass from $int_if:network to any port $allowedports keep state

(if you can do without the extra per interface housekeeping) would make
things a bit easier.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
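
An added example, not part of the original message or the poster's configuration: a minimal gateway pf.conf showing where the suggested pass-in rule sits relative to the NAT rule and a default block. The interface names, the port list, the default-block policy and the pass-out rule are assumptions, since the poster's actual rule set is not shown on this page.

```conf
# Constructed example, not the poster's /etc/pf.conf.
# Assumed: interface names, port list, default-block policy, pass-out rule.
ext_if = "fxp0"                        # assumed Internet-facing interface
int_if = "fxp1"                        # assumed LAN-facing interface
allowedports = "{ 22, 53, 80, 443 }"   # assumed list of permitted ports

# Translation rules. "pfctl -F a ; pfctl -Nf /etc/pf.conf" flushes
# everything and reloads only this part, so no filter rules remain.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Filter rules. With a default block, packets from the LAN are dropped
# when they arrive on $int_if unless a rule passes them IN there.
block all
pass quick on lo0 all

# The rule suggested in the message: admit LAN clients on the
# LAN-facing interface, limited to the allowed destination ports.
pass in on $int_if from $int_if:network to any port $allowedports keep state

# Assumed companion rule: the same connections must also be allowed
# to leave on the external interface (after translation).
pass out on $ext_if from any to any port $allowedports keep state

# Checking the result on the gateway:
#   pfctl -nf /etc/pf.conf    parse only, report syntax errors
#   pfctl -f  /etc/pf.conf    load translation and filter rules together
#   pfctl -sr                 list loaded filter rules; the pass-in rule
#                             on the LAN interface should be present
```

With the full rule set loading cleanly at boot, the flush-and-reload of NAT rules only is no longer needed and the filter rules stay in force.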