Quote:
Originally Posted by calanon
So the anchor is linked. With the other point would this be correct:
You do not need to use separate /users/ authpf rule files, unless you need rules that are unique to each authenticating user. You can use $user_ip or $user_id in a single rules file, as each user who authenticates will have their set of rules defined under their own anchor point, located at the authpf/* anchor point you defined.
Quote:
Originally Posted by calanon
It could be my words are wrong:
So I use this bsd machine as the gateway from my exposed LAN to the DMZ.
I want to be able to ssh authpf to the bsd box. Then once authenticated I can ssh into any box in the DMZ. I feel my rules do not reflect this.
Is the address 192.168.14.10 the address of the external interface? Your pass rule
Code:
pass in on $extif proto tcp to ($extif) port $allowed_tcp_ports
is the only TCP pass rule in effect, until you authenticate. This rule will pass TCP traffic inbound on the external interface from any IP address, with any source port number, as long as the destination address is an address assigned to that external interface, with a destination port number matching the port numbers for ssh, https, and rdp defined in /etc/services.
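As an added illustration of the two points above (this is an added example, not calanon's configuration and not the responder's), here is a minimal /etc/pf.conf that carries only the pre-authentication pass rule plus the authpf anchor, followed by one shared /etc/authpf/authpf.rules that uses $user_ip to open the DMZ for whichever user has authenticated. The interface names em0 and em1, the 10.0.0.0/24 DMZ network and the exact port list are assumptions; 3389 is written numerically because whether an rdp service name exists in /etc/services depends on the system.

```pf
# /etc/authpf/authpf.rules  (added example; network and interfaces assumed)
# authpf loads this file into anchor authpf/<user>(<pid>) when the user
# authenticates and flushes it when the ssh session ends. authpf replaces
# $user_ip and $user_id itself; macros from /etc/pf.conf are not visible
# here, so the interfaces are defined again.
extif   = "em0"
dmzif   = "em1"
dmz_net = "10.0.0.0/24"

# Only the authenticated host may open ssh to the DMZ, and only while the
# authpf session is up. Both rules are quick so later anchors cannot override.
pass in  quick on $extif proto tcp from $user_ip to $dmz_net port ssh
pass out quick on $dmzif proto tcp from $user_ip to $dmz_net port ssh

# ---------------------------------------------------------------------------
# /etc/pf.conf  (added example; addresses and port list assumed)
extif   = "em0"
dmzif   = "em1"
dmz_net = "10.0.0.0/24"
allowed_tcp_ports = "{ ssh, https, 3389 }"

set skip on lo

# Default deny: nothing is forwarded into the DMZ until authpf adds rules.
block log all

# The only TCP pass rule in effect before authentication: any source address
# and source port, destination must be an address of the external interface,
# destination port must be in the list. This is also what lets the authpf
# ssh login itself reach the gateway.
pass in on $extif proto tcp to ($extif) port $allowed_tcp_ports

# Per-user rule sets from authpf.rules appear under this anchor.
anchor "authpf/*"
```

With this layout, before login `pfctl -sr` shows the single pass rule and an empty anchor; after an authpf login `pfctl -a 'authpf/*' -sr` shows the two DMZ rules with $user_ip already expanded to that user's address, and they disappear when the session closes. Forwarding between em0 and em1 additionally requires net.inet.ip.forwarding=1 in sysctl, which is assumed here.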