15th January 2009
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125

You have your directions mixed up. To understand how pf sees the in and out directions, place yourself (a little imagination is needed) inside this diagram at the place marked PF.
Code:
         IN        OUT
                   
          |        /|\
          |       / | \
          |         |
          |         |
        \ | /       |
         \|/        |
----------|---------|----------
          |         |
        external interface
          |        /|\
          |       / | \
          |         |
          |   PF    |
          |         |
        \ | /       |
         \|/        |
        internal interface
          |         |
----------|---------|----------
          |        /|\
          |       / | \
          |         |
        \ | /       |
         \|/        |
         OUT       IN
  • External interface
    Incoming traffic on the external interface originates from the Internet.

    Outgoing packets on the external interface are either originated by the PF box itself, or by your local LAN (incoming on your internal NIC).
  • Internal interface
    Incoming packets on the internal interface are generated by your local LAN, and are destined either for the PF box itself, or have to go out from the external interface to the Internet.

    Outgoing packets on the internal interface either originate locally from the PF box itself, or from the Internet, where they were incoming on the external NIC.

So this rule has to be adjusted:
Quote:
# Allowed Outbound
pass out quick on $IntIF proto $OB_proto from $IntIF/24 to any port $OB_ports
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
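The following pf.conf fragment is an added example, not part of J65nko's post and not the original poster's ruleset. It puts the quoted rule next to the direction-corrected version that follows from the diagram above: LAN traffic bound for the Internet is "in" on the internal interface and "out" on the external one. The macro names $IntIF, $OB_proto and $OB_ports come from the quoted rule; $ExtIF, the interface names and the port list are assumed values, and the corrected rules use pf's own `:network` modifier for the network attached to the interface.

```pf
# Added example: direction-corrected version of the quoted rule.
# $IntIF, $OB_proto and $OB_ports are the macros from the quoted rule;
# $ExtIF and the interface names are assumed, the port list is constructed.
ExtIF = "em0"
IntIF = "em1"
OB_proto = "{ tcp udp }"
OB_ports = "{ 53 80 443 }"

# Bind states to the interface they were created on, so every interface a
# packet crosses needs its own pass rule; that makes the two-rule shape below
# explicit rather than hidden behind a floating state entry.
set state-policy if-bound
set skip on lo

# Default deny, logged to pflog0 so misdirected rules show up in tcpdump.
block log all

# WRONG (the quoted rule): as PF sees it, LAN packets heading for the Internet
# arrive on $IntIF, so a "pass out on $IntIF" rule never matches them.
# pass out quick on $IntIF proto $OB_proto from $IntIF/24 to any port $OB_ports

# RIGHT, step 1: the LAN's outbound traffic enters PF on the internal NIC ...
pass in quick on $IntIF proto $OB_proto from $IntIF:network to any port $OB_ports

# RIGHT, step 2: ... and leaves PF on the external NIC.
pass out quick on $ExtIF proto $OB_proto from $IntIF:network to any port $OB_ports

# Return traffic (in on $ExtIF, then out on $IntIF) is matched by the state
# entries the two pass rules create, so it needs no extra rules.
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, then, in the spirit of the signature above, watch what the `block log` rule drops with `tcpdump -n -e -ttt -i pflog0`; the pflog header printed by `-e` names the interface and the direction pf assigned to each blocked packet, which is exactly what a misdirected rule gets wrong.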