26th May 2008
robbak
Real Name: Robert Backhaus
VPN Cryptographer
 
Join Date: May 2008
Location: North Queensland, Australia
Posts: 366

Oh, I didn't see that you had misnamed int_if and ext_if.

These macros are used for routers: int_if is for the internal-facing interface, and ext_if is the external interface. Like this:
Code:
             ##########################
Internet-----#ext_if   Router   int_if#-------{Internal Network}
             ##########################
Bogon filtering is used on the external interface to keep bogus packets out of your network.

One wonders why bogon filtering is needed on a box that has no direct connection - this should be done on your router - but, if you do, then you will, of course, need an exception for your local networks. I don't do enough of this to feel confident about writing out a ruleset, but, first, use $loopback (or just lo0 - everyone knows what the loopback is) for the loopback, and anything other than ext_if for the other interface, so you don't confuse us.
Something like
Code:
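# $interface and <bogons> must be defined elsewhere in pf.conf
local="192.168.1.1/24"
# tag is sticky, so this pass rule need not be the last match
pass on $interface from $local tag LOCAL
block quick on $interface from <bogons> ! tagged LOCAL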
I have no idea if that would work, but it should give you a start for troubleshooting.
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.

Last edited by robbak; 26th May 2008 at 01:17 AM.
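Added example, not part of robbak's post: a Python check of why a bogon filter on a LAN-facing interface needs the local-network exception described above. The bogon prefixes are a constructed sample, not a complete list, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: a few prefixes commonly found on bogon lists
# (RFC 1918 private space, loopback, link-local). Not a complete list.
SAMPLE_BOGONS = ["10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                 "172.16.0.0/12", "192.168.0.0/16"]

def conflicting_bogons(local_nets, bogons=SAMPLE_BOGONS):
    """Map each local network to the bogon prefixes that overlap it."""
    result = {}
    for net in local_nets:
        # strict=False accepts host-bits-set forms such as 192.168.1.1/24
        local = ipaddress.ip_network(net, strict=False)
        hits = [b for b in bogons if local.overlaps(ipaddress.ip_network(b))]
        if hits:
            result[str(local)] = hits
    return result

def verdict(src, local_nets, bogons=SAMPLE_BOGONS):
    """Model the tag-then-block idea: sources in a local network are
    exempt (tagged); any other source found in the bogon list is blocked."""
    addr = ipaddress.ip_address(src)
    if any(addr in ipaddress.ip_network(n, strict=False) for n in local_nets):
        return "pass"      # corresponds to the LOCAL tag
    if any(addr in ipaddress.ip_network(b) for b in bogons):
        return "block"     # bogon source without the tag
    return "no-match"      # left to the rest of the ruleset

if __name__ == "__main__":
    nets = ["192.168.1.1/24"]  # the local network from the post
    print(conflicting_bogons(nets))
    for ip in ("192.168.1.20", "192.168.2.20", "10.1.2.3", "8.8.8.8"):
        print(ip, verdict(ip, nets))
```

Running `conflicting_bogons` against the real bogon file and the real local networks before loading a ruleset shows which exceptions are needed.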