Date:      Thu, 26 Mar 2009 09:33:38 -0700
From:      "Michael K. Smith - Adhost" <mksmith@adhost.com>
To:        "Eric Magutu" <emagutu@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   RE: first firewall with pf
Message-ID:  <17838240D9A5544AAA5FF95F8D52031605B42A8F@ad-exh01.adhost.lan>
In-Reply-To: <e9cb8190903260723y40f12cd9s7af35670f7285627@mail.gmail.com>
References:  <53529.216.241.167.212.1237911183.squirrel@webmail.pknet.net> <op.ura05ywcflcvyi@da1-desktop-x64> <17838240D9A5544AAA5FF95F8D52031605B4283F@ad-exh01.adhost.lan> <e9cb8190903260723y40f12cd9s7af35670f7285627@mail.gmail.com>


Hello Eric:


Hi everyone,

Can you provide a little more information about your topology?  Right now, you only have one interface defined in your rules, but you are attempting to pass traffic between two subnets.  That would suggest you have two interfaces and, if so, both need to be accounted for in your rules below.  You'll have to have pass/block rules for both.  It looks like this:

172.16.0.0/16 -> le0 <firewall> -> (some other interface) -> 10.0.0.0

Could you tell me if that is correct?

Thanks,

Mike

----- Original Message Snipped -----
Thanks for all your input so far. I have tried to implement all your suggestions but have gotten stuck. I set up a test machine in the office with the IP 10.0.0.110 and encountered the following problems:

When I enabled antispoofing, the firewall didn't work.

When I tried allowing the 10.0.0.0 subnet it worked OK, but when I tried connecting from machines on the 172.16 subnet I was unable to connect.

Can you please let me know what I'm doing wrong?
----------------------------------------



