SV: nat/outbound traffic not passing in pf on FreeBSD 6.1

Jeffrey Williams jeff at sailorfej.net
Wed Jul 26 17:46:41 UTC 2006



Morgan wrote:
>> pf.conf entries:
>>
>> oif="em0"
>> onwr="o.o.33.40/29"
>> oip="o.o.33.46"
>>
>> iif="em1"
>> inwr="i.i.10.0/24"
>> iip="i.i.10.1"
>>
>> is1="i.i.10.15"
>>
>> scrub in all
>>
>> nat on $oif from $inwr to any -> $oif
>>
>> rdr on $oif proto tcp from any to $oip port 1000 -> $is1 port 22
>>
>> block in log all
>>
>> pass in on $oif proto tcp from any to $is1 port 22 keep state
>> pass in on $oif proto tcp from any to $oip port 22 keep state
>>
>> pass in on $iif inet from $inwr to any keep state
>> # additional rule referred to above that needed to be added to enable
>> # outbound connections, should not be needed?
>> pass out on $oif inet from $oip to any keep state
>>
>> antispoof for $oif
>> antispoof for $iif
> 
> Where is your pass rule for your internal interface and for your loopback
> for that matter?
> 
> pass on lo0 all
> pass on em1 all
> 
> /PP
> 
> 
I am not running anything that is trying to use the loopback interface 
on this box.

The following rule passes traffic in on the internal interface, "pass in 
on $iif inet from $inwr to any keep state", and there is no rule 
blocking traffic out on the internal interface.

Thanks,
Jeff
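Since the thread turns on which lines of the quoted ruleset actually apply to each interface and direction, here is an added example (mine, not code from the original post or from the pf project) that expands the macros and the two `antispoof` lines of that ruleset the way pf.conf(5) documents, and then lists, per interface and direction, the filter rules pf would evaluate in order. The config text is a constructed copy of the one quoted above; the interface addressing is an assumption implied by the macro names (em0 carries o.o.33.46 in o.o.33.40/29, em1 carries i.i.10.1 in i.i.10.0/24), since pfctl would read that from the kernel and this script cannot.

```python
import re

# Constructed copy of the ruleset quoted in this thread. The o.o.33.x and
# i.i.10.x addresses are the thread's own placeholders, not real hosts.
PF_CONF = """\
oif="em0"
onwr="o.o.33.40/29"
oip="o.o.33.46"
iif="em1"
inwr="i.i.10.0/24"
iip="i.i.10.1"
is1="i.i.10.15"
scrub in all
nat on $oif from $inwr to any -> $oif
rdr on $oif proto tcp from any to $oip port 1000 -> $is1 port 22
block in log all
pass in on $oif proto tcp from any to $is1 port 22 keep state
pass in on $oif proto tcp from any to $oip port 22 keep state
pass in on $iif inet from $inwr to any keep state
pass out on $oif inet from $oip to any keep state
antispoof for $oif
antispoof for $iif
"""

# Assumed interface addressing (address, network), implied by the macro
# names. pfctl reads this from the kernel when it expands antispoof.
IFACE_ADDRS = {
    "em0": ("o.o.33.46", "o.o.33.40/29"),
    "em1": ("i.i.10.1", "i.i.10.0/24"),
}

MACRO_DEF_RE = re.compile(r'^(\w+)\s*=\s*"([^"]*)"\s*$')
MACRO_USE_RE = re.compile(r"\$(\w+)")


def expand(conf, iface_addrs):
    """Substitute $macros and rewrite 'antispoof for IF' into the two
    block rules pf.conf(5) documents for it; keep file order."""
    macros, rules = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = MACRO_DEF_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue

        def lookup(use):
            if use.group(1) not in macros:  # pf rejects undefined macros
                raise ValueError("undefined macro $" + use.group(1))
            return macros[use.group(1)]

        line = MACRO_USE_RE.sub(lookup, line)
        if line.startswith("antispoof for "):
            ifname = line.split()[2]
            addr, net = iface_addrs[ifname]
            rules.append(f"block drop in on ! {ifname} inet from {net} to any")
            rules.append(f"block drop in inet from {addr} to any")
        else:
            rules.append(line)
    return rules


def candidates(rules, iface, direction):
    """Filter rules (pass/block) whose direction and 'on' clause can match
    a packet travelling `direction` on `iface`, in evaluation order. pf
    takes the last matching rule (nothing here uses 'quick'); a packet no
    rule matches is passed, which is pf's implicit default. nat, rdr and
    scrub are not filter rules and are skipped."""
    hits = []
    for rule in rules:
        toks = rule.split()
        if toks[0] not in ("pass", "block"):
            continue
        rdir = next((t for t in toks[:3] if t in ("in", "out")), None)
        if rdir is not None and rdir != direction:
            continue
        if "on" in toks:
            i = toks.index("on")
            negate = toks[i + 1] == "!"
            name = toks[i + 2] if negate else toks[i + 1]
            # skip "on X" for other interfaces and "on ! X" for X itself
            if (name == iface) == negate:
                continue
        hits.append(rule)
    return hits


def posted_ruleset():
    return expand(PF_CONF, IFACE_ADDRS)


if __name__ == "__main__":
    rules = posted_ruleset()
    for ifname in IFACE_ADDRS:
        for direction in ("in", "out"):
            print(f"== {ifname} {direction}")
            for r in candidates(rules, ifname, direction):
                print("   ", r)
```

Two things the listing makes visible: the only filter rule that can apply to outbound traffic on em0 is the `pass out` line the poster added (outbound on em1 has none, so it falls through to pf's implicit pass), and the `pass in on em0 ... to i.i.10.15 port 22` rule names the rdr target rather than o.o.33.46, which is the correct pf idiom because translation happens before filtering, so filter rules see the translated address. It also shows what that pair of rules does in security terms: TCP port 1000 on the public address from any source is forwarded to sshd on the internal host. The script only reads the text; on the box itself `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` / `pfctl -sn` print the filter and translation rules the kernel actually holds, antispoof already expanded.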

