Old 12th November 2008
J65nko
Administrator

Quote:
Originally Posted by neurosis
Internet <-> FreeBSD Gateway <-> Linksys Router <-> Private Network
I wonder why you would still need the Linksys router if your FreeBSD box plays firewall/gateway.


Quote:
Originally Posted by neurosis
I do have one question however. Is it possible to write a rule that allows all traffic to pass out through the Gateway from 10.1.10.2 but not in?
Code:
pass out quick on $ext_if from 10.1.10.2 to any flags S/SA modulate state
<-- would that rule work?
Yes, that would work for TCP traffic. You would need a similar rule for UDP, like this:
Code:
pass out quick on $ext_if inet proto udp from 10.1.10.2 to any keep state
The ICMP one is similar, although I would restrict that to echo requests only (used by ping).
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
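Added example, not part of the posts above: the TCP and UDP rules from the thread combined with the ICMP echo-request rule the reply describes, as one pf.conf fragment. The interface name `em0`, the `$host` macro and the default `block in log` rule are assumptions made for illustration.

```pf
# pf.conf fragment (added example, not from the original thread)

ext_if = "em0"          # assumption: name of the external interface
host   = "10.1.10.2"    # address taken from the question

# Assumed default policy: drop and log anything arriving unsolicited
# on the external interface. Only replies that match a state entry
# created by the pass rules below are let back in.
block in log on $ext_if all

# TCP: match only the initial SYN (flags S/SA), then track the connection.
pass out quick on $ext_if inet proto tcp from $host to any flags S/SA modulate state

# UDP: no flags to match on, so plain state tracking.
pass out quick on $ext_if inet proto udp from $host to any keep state

# ICMP: echo requests only (ping); the echo reply returns via the state.
pass out quick on $ext_if inet proto icmp from $host to any icmp-type echoreq keep state

# Caveat: if a nat rule on $ext_if rewrites the source address, the filter
# rules see the translated address, so "from $host" no longer matches.
# In that case filter on the internal interface instead.
#
# Checks:
#   pfctl -nf /etc/pf.conf        parse the ruleset without loading it
#   pfctl -ss                     list the state entries created
#   tcpdump -n -e -ttt -i pflog0  watch packets hit the "block in log" rule
```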