Thread: pf rdr problem
21st March 2010
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128

Quote:
Originally Posted by SchippStrich
If the two internal interfaces are attached to the box running PF with my default deny policy, wouldn't traffic be blocked on all interfaces unless explicitly mentioned to pf?
That's how I understand it.
That is correct, with a default deny policy you have to explicitly define rules which allow traffic between 192.168.1.0/24 and 192.168.2.0/24.

But you also need to define default gateways.
  • The boxes of the 192.168.1.0/24 network need to define 192.168.1.1 as the default gateway.

    This means that all traffic with a non-192.168.1.0 destination needs to be directed to 192.168.1.1.
  • The wireless clients on 192.168.2.0/24 need to be told that 192.168.2.1 is the default gateway.

    Here the non-192.168.2.0 packets need to be sent to 192.168.2.1.

You can set the default gateway on OpenBSD machines without rebooting with
Code:
# route add default 192.168.1.1
For a permanent, reboot surviving setting use
Code:
# echo 192.168.1.1 >/etc/mygate
Or configure DHCP on the OBSD router to do this.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
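As an added illustration of the point above (not a ruleset from the post or its author), here is a minimal default-deny pf.conf for the OpenBSD router that explicitly allows traffic between the two internal networks; the interface names em1 and athn0 are assumptions and must be replaced with the real ones.

```pf
# Added example, not from the original post. Interface names are assumed.
wired_if  = "em1"       # carries 192.168.1.1/24
wifi_if   = "athn0"     # carries 192.168.2.1/24
wired_net = "192.168.1.0/24"
wifi_net  = "192.168.2.0/24"

set skip on lo

# Default deny: anything not matched by a later pass rule is dropped and
# logged to pflog0, so blocked packets can be seen with tcpdump.
block log all

# Explicit allow rules for traffic between the two internal networks.
# The state created by the "pass in" rule matches the return packets,
# so no separate rules for replies are needed.
pass in  on $wired_if inet from $wired_net to $wifi_net  keep state
pass out on $wifi_if  inet from $wired_net to $wifi_net  keep state
pass in  on $wifi_if  inet from $wifi_net  to $wired_net keep state
pass out on $wired_if inet from $wifi_net  to $wired_net keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; packets hitting the `block log` rule show up in `tcpdump -n -e -ttt -i pflog0`.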