Old 14th December 2013
jggimi
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
I have set up a lab with 4 machines across three networks, and am testing with your PF configuration.
  • Machines on both your LANs can make TCP connections outbound to arbitrary ports anywhere on the Internet.
  • Arbitrary LAN to WLAN connections can be established
  • I could not establish arbitrary WLAN to LAN connections, see below.
  • I could not recreate your "add pass rules and can't get to the Internet" error -- your three added rules, when added to the end of the configuration file, did not prevent arbitrary Internet connections from either LAN. By the way, your last rule of the three does not have correct syntax -- as it references a port number, it must also use proto tcp.
You cannot connect from your WiFi LAN to your wired LAN due to this rule:
Code:
# wlan -> pppoe
block in log quick on $if_wlan to $if_lan:network
You need to pass this traffic rather than block it.

I am not clear why you are using explicit block quick rules throughout your ruleset; since you begin with a block all, any traffic that does not match an explicit pass rule will be blocked. It makes your ruleset hard to read and understand.
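As an added sketch, not part of the post or of the original poster's configuration: a minimal pf.conf that applies the three points made above (a single default deny, the WLAN-to-LAN block turned into a pass, and proto tcp on any rule that names a port). The macro values and interface names are placeholders, and NAT for the uplink is left out.

```pf
# Illustrative pf.conf sketch (added example, not the poster's file).
# Interface names are placeholders; adjust to the real ones.
if_lan   = "em0"      # wired LAN
if_wlan  = "athn0"    # WiFi LAN
if_pppoe = "pppoe0"   # Internet uplink

set skip on lo

# One default deny. Every later rule is a pass, so the explicit
# "block ... quick" lines scattered through the original ruleset
# are not needed: anything no pass rule matches is already dropped.
block log all

# The original rule that stopped WiFi clients reaching the wired LAN:
#   block in log quick on $if_wlan to $if_lan:network
# is replaced by a pass in the same direction.
pass in on $if_wlan from $if_wlan:network to $if_lan:network

# WiFi and wired LAN clients may also reach the Internet and each other.
pass in on $if_wlan from $if_wlan:network
pass in on $if_lan  from $if_lan:network

# Traffic leaving the firewall on any interface.
pass out on $if_pppoe
pass out on $if_lan
pass out on $if_wlan

# A rule that names a port must also name a protocol; without it
# pfctl rejects the line as a syntax error:
#   pass in on $if_lan to port 22              # rejected
pass in on $if_lan proto tcp to port 22        # accepted
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, so a port rule that lacks `proto` is reported before any rule changes take effect.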