Quote:
Originally Posted by calanon
I have the following rules.
Code:
### Packets from Internal Network ###
# inbound ping on the internal interface
pass in on $intif inet proto icmp all icmp-type $icmp_types keep state
# inbound tcp on the internal interface, only to the interface's own address
pass in on $intif proto tcp to $intif port $allowed_tcp_ports
# inbound ping on the external interface
pass in on $extif inet proto icmp all icmp-type $icmp_types keep state
# no direction and no interface: matches tcp to these ports in and out on every interface
pass proto tcp to any port $allowed_tcp_ports
# no direction and no interface: matches these icmp types in and out on every interface
pass inet proto icmp all icmp-type $icmp_types keep state
What I want to achieve is this:
intif is on the internal network and will be the gateway to get out of the network. So from inside the network I want to be able to ping, ssh and https to anything outside of the network via $extif. But I do not want anyone to be able to use the ssh and https ports from outside the network to the $extif.
client machine {ssh 192.168.0.50} >> gateway {10.10.10.10} >> forward to $extif >>> server {192.168.0.50 }
server {192.168.0.50 } ssh 10.10.10.10 >>> block ssh denied
What have I done wrong in my rules?
Sorry if that looks strange. Here is a better version:
client machine-10.10.10.5 {ssh} >> gateway {10.10.10.10} >> forward to $extif >>> server {192.168.0.50 }
server {192.168.0.50 } ssh 10.10.10.10 >>> block ssh denied
I am assuming now that the first 3 rules are probably not even required, or are they?
I thought they were required to allow ssh to pass through $intif to $extif.
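The policy described in the thread (ping, ssh and https allowed outbound from the internal side, new ssh and https connections to $extif from outside dropped), as an added example ruleset that is not the poster's. The rule `pass proto tcp to any port $allowed_tcp_ports` carries no direction and no interface, so an inbound ssh or https connection arriving on $extif matches it too; the version below only passes that traffic `in on $intif` and `out on $extif` and leaves everything else to a default block. Interface names, the internal address range and the assumption that the gateway routes without NAT are mine, not from the thread.

```pf
# Added example ruleset, not the poster's. Interface names and the
# internal network are assumptions; packet forwarding is assumed to be
# enabled on the gateway (sysctl net.inet.ip.forwarding=1) and no NAT
# is assumed between 10.10.10.0/24 and the far side.
intif = "em1"                     # internal side, gateway address 10.10.10.10
extif = "em0"                     # external side
allowed_tcp_ports = "{ 22, 443 }" # ssh and https
icmp_types = "echoreq"            # ping requests; replies are matched by state

set skip on lo

# Default deny in both directions on every interface, logged so that
# ssh/https attempts against $extif from outside show up in pflog.
block log all

# Traffic from internal clients entering the gateway on $intif.
pass in on $intif inet proto icmp from $intif:network to any \
    icmp-type $icmp_types keep state
pass in on $intif inet proto tcp from $intif:network \
    to any port $allowed_tcp_ports keep state

# The same flows leaving towards the outside on $extif. State created
# here lets the replies come back in on $extif without a "pass in" rule.
pass out on $extif inet proto icmp icmp-type $icmp_types keep state
pass out on $extif inet proto tcp to any port $allowed_tcp_ports keep state

# Deliberately no "pass in on $extif" for tcp: a new connection to port
# 22 or 443 on the external address hits "block log all" and is dropped.
# If the gateway should still answer ping from outside, add the poster's
# rule:  pass in on $extif inet proto icmp icmp-type $icmp_types keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to check the syntax, then watch `tcpdump -n -e -ttt -i pflog0` while an outside host tries ssh to $extif to confirm the drop is logged.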