Date:      Fri, 25 Dec 2009 14:01:05 -0800
From:      "Michael K. Smith" <mksmith@adhost.com>
To:        Dánielisz László <laszlo_danielisz@yahoo.com>, Anh Ky Huynh <kyanh@viettug.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: pf vs. afp
Message-ID:  <C75A7621.DFEC1%mksmith@adhost.com>
In-Reply-To: <151838.29532.qm@web30804.mail.mud.yahoo.com>

You can use the ($int_if) for traffic terminating on the firewall.  Any
traffic going through to another host needs to have the destination defined.

Could you include a complete copy (sanitized, of course) of your pf.conf
file?  There might be something else at work but it's hard to tell without
the file.

Kind Regards,

Mike


On 12/25/09 8:13 AM, "Dánielisz László" <laszlo_danielisz@yahoo.com> wrote:

> I am using "($int_if)" for ports 22, 80 too and they are working as charm.
> This is how I defined it in my pf.conf:
> int_if="rl0"
>
> Right now I can not try it but when I'll be able I'll try your idea and then I
> will let you know how it works.
>
> Thank you!
>
>
>
> ________________________________
> From: Anh Ky Huynh <kyanh@viettug.org>
> To: Dánielisz László <laszlo_danielisz@yahoo.com>
> Cc: freebsd-pf@freebsd.org
> Sent: Fri, December 25, 2009 2:06:24 PM
> Subject: Re: pf vs. afp
>
> On Fri, 25 Dec 2009 04:33:03 -0800 (PST)
> Dánielisz László <laszlo_danielisz@yahoo.com> wrote:
>
>>
>> ________________________________
>>
>> Hello,
>>
>> It's been a while that I've been struggling with how to deal with
>> afp/netatalk passing through my pf rules. If I disable pf everything is
>> working great (but I still do want firewall on my server). I tried the
>> following rule but it still doesn't let me in:
>>
>> pass in log on $int_if inet proto { tcp, udp } from $localnet to
>> ($int_if) port=548  flags S/SA keep state
>
> I think the problem is "($int_if)". You should use, for e.g,
>
>     from $localnet to 192.168.1.123
>
>> When I try a telnet on port 548 I got "Operation timed out", in
>> pflog I can see that my Mac tries to connect but I have no clue why
>> it can't when the corresponding port is open, do you have any idea?
>
> Regards,
