From: "Greg Hennessy"
Date: Mon, 5 Mar 2007 07:54:20 -0000
Subject: RE: home router with internal services available question
In-Reply-To: <20070305043922.qgd8g96zo6jo0g0k@webmail.frontiernet.net>
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

> could someone please explain the "right" way to do this, or point me
> to the right doc,
> I'm willing to learn if I can find the right teacher.

Make the 1st packet filtering rule

    block log all

and from there read the firewall logs in real time with

    tcpdump -s 96 -nleti pflog0

which will tell you what traffic is being dropped by the firewall.
Add the relevant rules, et voila.

By DHCP I assume you're running ISC dhcpd on the firewall itself? Otherwise you will need to relay the dhcp requests through the firewall.

Greg
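
Added example, not part of the original message: a small Python summarizer for the `tcpdump -s 96 -nleti pflog0` output described above, grouping blocked packets by direction, interface and destination so the missing rules stand out. The sample lines, interface names and addresses are constructed, and the text after the addresses is assumed to vary between tcpdump versions.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -s 96 -nleti pflog0` output (not from the post).
# Only the pflog header and the address pair are relied on by the parser.
SAMPLE = """\
rule 0/0(match): block in on em1: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:11:22:33:44:55, length 300
rule 0/0(match): block in on em1: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:11:22:33:44:55, length 300
rule 0/0(match): block in on em0: 203.0.113.9.51515 > 192.0.2.10.80: S 1000:1000(0) win 65535
rule 0/0(match): block out on em0: 192.0.2.10.40000 > 198.51.100.53.53: 4242+ A? example.org. (29)
rule 0/0(match): block in on em1: 10.0.0.20 > 10.0.0.1: ICMP echo request, id 1, seq 1, length 64
rule 3/0(match): pass in on em1: 10.0.0.20.50000 > 10.0.0.1.22: S 2000:2000(0) win 65535
"""

LINE = re.compile(
    r"rule (?P<rule>\S+?)\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifc>\S+): (?P<src>\S+) > (?P<dst>\S+): (?P<info>.*)"
)

def split_port(endpoint):
    """Split tcpdump's IPv4 'a.b.c.d.port' form; portless traffic (ICMP) gives None."""
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None  # also the fallback for IPv6 endpoints

def summarize_blocks(lines):
    """Count blocked packets keyed by (direction, interface, dst address, dst port)."""
    counts = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m or m["action"] != "block":
            continue  # ignore passes and lines that are not pflog headers
        dst, port = split_port(m["dst"])
        counts[(m["dir"], m["ifc"], dst, port)] += 1
    return counts

if __name__ == "__main__":
    # Live use: tcpdump -s 96 -nleti pflog0 | python3 this_script.py (reading sys.stdin)
    for (d, ifc, dst, port), n in summarize_blocks(SAMPLE.splitlines()).most_common():
        print(f"{n:4d}  block {d:3s} on {ifc}: to {dst} port {port}")
```

In the constructed sample the top entry is the DHCP broadcast to port 67 arriving on the inside interface, which is the kind of drop the DHCP remark above is about.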