Date:      Thu, 26 Mar 2009 20:07:59 +0300
From:      Eric Magutu <>
To:        "Michael K. Smith - Adhost" <>
Subject:   Re: first firewall with pf
Message-ID:  <>
In-Reply-To: <17838240D9A5544AAA5FF95F8D52031605B42A8F@ad-exh01.adhost.lan>
References:  <> <op.ura05ywcflcvyi@da1-desktop-x64> <17838240D9A5544AAA5FF95F8D52031605B4283F@ad-exh01.adhost.lan> <> <17838240D9A5544AAA5FF95F8D52031605B42A8F@ad-exh01.adhost.lan>

Hi Michael,
I was trying to simulate the conditions of the server on a test machine. I'm
pretty sure now I didn't take into account all the network aspects, silly
mistake :-) It's probably my routing. I will check on my routes tomorrow and
get back to you.
I think there is only one active interface though.

On Thu, Mar 26, 2009 at 7:33 PM, Michael K. Smith - Adhost <> wrote:

> Hello Eric:
> Hi everyone,
> Can you provide a little more information about your topology?  Right now,
> you only have one interface defined in your rules, but you are attempting to
> pass traffic between two subnets.  That would suggest you have two
> interfaces and, if so, both need to be accounted for in your rules below.
>  You'll have to have pass/block rules for both.  It looks like this:
> -> le0 <firewall> -> (some other interface) ->
> Could you tell me if that is correct?
> Thanks,
> Mike
> ----- Original Message Snipped -----
> Thanks for all your input so far. I have tried to implement all your
> suggestions but have gotten stuck. I set up a test machine in the office
> with the IP  and encountered the following problems:
> when I enabled antispoofing the firewall didn't work
> when I tried allowing the subnet it worked ok but when I tried
> connecting from machines on the 172.16 subnet I was unable to connect.
> Can you please let me know what I'm doing wrong?
> ----------------------------------------

Eric Magutu
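
An added pf.conf sketch of the two layouts discussed in this thread (not rules from the original messages): a firewall forwarding between two interfaces, as Mike describes, and a single-interface host reached from a routed subnet. Only le0 comes from the thread; le1, the /16 mask and the TCP port are assumptions.

```conf
# Constructed example: le1, the /16 mask and port 22 are assumptions.
ext_if  = "le0"             # interface named in the thread
int_if  = "le1"             # hypothetical second interface
far_net = "172.16.0.0/16"   # the "172.16 subnet", mask assumed

set skip on lo0

# Default deny, logged so dropped packets show up on pflog0.
block log all

# antispoof expands to block rules per listed interface: a packet whose
# source claims to be in that interface's network is dropped when it
# arrives on any other interface. Every interface in use must be listed.
antispoof quick for { $ext_if, $int_if }

# Layout A: forwarding firewall (-> le0 <firewall> -> le1 ->).
# A forwarded packet is filtered twice, inbound on one interface and
# outbound on the other, so each direction needs its own pass rule.
pass in  on $int_if inet from $far_net to any keep state
pass out on $ext_if inet from $far_net to any keep state

# Layout B: single-interface host. Clients in $far_net arrive on le0 via
# a router, so they must be allowed in on le0 explicitly; replies also
# need a route back to $far_net, which pf rules cannot provide.
pass in on $ext_if inet proto tcp from $far_net to ($ext_if) port 22 keep state
```

`pfctl -nf` followed by the file name parses a ruleset without loading it, which catches syntax errors before the rules go live.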
