jggimi
29th April 2013

Quote:
...I could not SSH into the OBSD box...
I saw this rule:
Code:
block return in quick on $int_if proto tcp from ! 192.168.2.1 \
   to $int_if port ssh
Your file does not say why you have this rule. It blocks access to the router from any internal connection that has an address other than 192.168.2.1.

I recommend adding comments for the purpose of every rule. That way, several years from now, you won't have to ask yourself, "WTF?!!?" when you read the rule set.

Lastly, I do see a nat-to rule after all; it's the last rule in your set. My apologies. I guess I'm used to seeing NAT in match rules at the top of a ruleset, rather than as a pass rule at the bottom.
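An added pf.conf example (not the ruleset from the thread) showing the two points above: the SSH block rule with a comment stating its purpose, and NAT expressed as a match rule near the top rather than on the last pass rule. It assumes macros $ext_if/$int_if, an internal network of 192.168.2.0/24, and a single admin workstation at 192.168.2.1.

```pf
# Added example, not the poster's ruleset. Assumed interfaces and addresses.
ext_if = "em0"
int_if = "em1"
int_net = "192.168.2.0/24"
admin_host = "192.168.2.1"

# NAT as a match rule near the top: every later pass rule that sends
# traffic out $ext_if inherits the translation, so nat-to does not have
# to be hidden on the final pass rule of the set.
match out on $ext_if inet from $int_net nat-to ($ext_if)

# Default deny; pf keeps state on passed connections by default.
block all

# Only the admin workstation may SSH to the router's internal address.
# "return" answers other hosts with a RST so their clients fail fast;
# "quick" stops evaluation so a later pass rule cannot override this.
block return in quick on $int_if proto tcp from ! $admin_host \
    to $int_if port ssh

# Internal hosts may reach the router and the Internet; SSH from any host
# other than $admin_host has already been rejected above.
pass in on $int_if inet from $int_net to any
pass out on $ext_if inet
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`.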