Date:      Sun, 26 Sep 2010 09:34:46 -0400
From:      Michael Powell <nightrecon@hotmail.com>
To:        freebsd-questions@freebsd.org
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: pf
Message-ID:  <i7ni0m$ids$1@dough.gmane.org>
References:  <AANLkTingNA5V4b9UdE_Yotqtuy1RMx190phMzn5UrMdi@mail.gmail.com>

Samuel Martín Moro wrote:

> Hello,
> 
> 
> I'm trying to set up pf on my soon-to-be new gateway (8.1-RELEASE amd64).
> I used the sample configuration file available on
> calomel <https://calomel.org/pf_config.html>.
> After a few tests, it appears that the gate has full access to the
> internet, but I can't open connections from clients to distant servers
> (web, ssh, ...).
> Checking pflog log file, I can't see anything about those timeouts, even
> if I added the log directive in every block/pass command.
> Everything else seems to work, I can talk with my DNS from the internet,
> and ssh redirections to another pc also seem to work.
> I just can't access the Internet from a client of my network...
> 
> For debugging, I commented out the options and the 'block all in/out'
> directives.
> 
> Here's my config file http://pastebin.com/Nim2zBCx
> 
> Is there someone understanding what I'm doing wrong?
> 
The firewall ruleset is a trifle overly complex for a quick glance; study 
and analysis would take some doing. However, if you can reach the internet 
from the firewall box and other client computers behind your NAT can't 
(which is what it sounds like you're describing) it may be just that you are 
missing gateway_enable="YES" in your /etc/rc.conf. 

Turning this "ON" makes your firewall box into a router. The status of this 
can be checked with: sysctl net.inet.ip.forwarding  - a "0" means no gateway 
and a "1" means gateway.

-Mike
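The check Mike describes (runtime state via sysctl net.inet.ip.forwarding, boot-time state via gateway_enable="YES" in /etc/rc.conf) written out as a small script. This is an added example, not code from the thread or from FreeBSD: the function names, the "gw.example" hostname and the rc.conf contents are constructed for illustration; the sysctl OID, the rc.conf variable and the `sysctl net.inet.ip.forwarding=1` command are FreeBSD's real ones.

```shell
#!/bin/sh
# Added example (not from the thread). Decides whether a FreeBSD pf/NAT
# box will actually forward packets for the clients behind it, both now
# and after a reboot, and prints the fix when it will not.

# Map one line of `sysctl net.inet.ip.forwarding` output to on/off/unknown.
forwarding_state() {
    case "$1" in
        "net.inet.ip.forwarding: 1") echo on ;;
        "net.inet.ip.forwarding: 0") echo off ;;
        *) echo unknown ;;
    esac
}

# Does an rc.conf body (passed as a string) enable the gateway at boot?
# Ignores commented-out lines, accepts the value with or without quotes,
# and tolerates a trailing comment. Prints yes or no.
rc_conf_gateway() {
    if printf '%s\n' "$1" \
        | grep -Eq '^[[:space:]]*gateway_enable="?YES"?[[:space:]]*(#.*)?$'; then
        echo yes
    else
        echo no
    fi
}

# Combine the runtime and boot-time answers into a verdict plus the fix.
# $1 = sysctl output line, $2 = rc.conf contents.
advise() {
    now=$(forwarding_state "$1")
    boot=$(rc_conf_gateway "$2")
    case "$now/$boot" in
        on/yes)
            echo "ok: forwarding is on now and enabled at boot" ;;
        on/no)
            echo "warning: forwarding is on now but will be off after reboot;" \
                 "add gateway_enable=\"YES\" to /etc/rc.conf" ;;
        off/yes)
            echo "boot config is fine but forwarding is off now;" \
                 "run: sysctl net.inet.ip.forwarding=1" ;;
        off/no)
            echo "clients cannot reach the Internet: run" \
                 "'sysctl net.inet.ip.forwarding=1' now and add" \
                 "gateway_enable=\"YES\" to /etc/rc.conf" ;;
        *)
            echo "unknown sysctl output: $1" ;;
    esac
}

# Constructed sample input (hypothetical host): the box itself reaches the
# Internet, pf is on, but gateway_enable is only present commented out,
# which is the symptom described in the thread.
SAMPLE_SYSCTL='net.inet.ip.forwarding: 0'
SAMPLE_RC_CONF='hostname="gw.example"
pf_enable="YES"
pflog_enable="YES"
#gateway_enable="YES"'

advise "$SAMPLE_SYSCTL" "$SAMPLE_RC_CONF"

# On a real FreeBSD box, feed the live values instead:
# advise "$(sysctl net.inet.ip.forwarding)" "$(cat /etc/rc.conf)"
```

The boot-time and runtime checks are kept separate on purpose: `sysctl net.inet.ip.forwarding=1` fixes the problem immediately but is lost on reboot, while the rc.conf line alone does nothing until the next boot, so a gateway that "worked yesterday" usually has only one of the two.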