Old 9th July 2014
jggimi

Quote:
Originally Posted by EverydayDiesel
Code:
# allow this user to pass all traffic
pass from $user_ip to any
pass from any to $user_ip
I neglected to add the log option to those two rules. My apologies.

While you are testing, you will find the log option very helpful. Some people use it only with their block rules, but when testing a new ruleset I prefer it on all rules.

A pass or block rule requires the log option for pflog(4) to capture its traffic.

I'm confused by the rule I highlighted below in red. It would only work if the innermost device is a webserver and an SSH server. I don't think that's what you intended, since your innermost device is intended to be a client.

Every TCP or UDP packet is defined by TWO different ports: an origination port, also called a source port, and a destination port. The $TCP_PORT numbers you defined are destination port numbers. Destination port numbers are listened to by servers, and sent to by clients, typically using high-numbered, random source ports.
Code:
TCP_PORT = "{ 80 ssh }"
UDP_PORT = "{ 53 }"

pass in on athn0 proto tcp from any to $user_ip port $TCP_PORT
pass out on athn0 proto udp from any to $user_ip port $UDP_PORT

pass from $user_ip to any
If you want the authenticated device to be able to reach servers listening at the ports defined by $TCP_PORT, try this rule instead:

pass in proto tcp from $user_ip to any port $TCP_PORT

Check your pass rules -- most are written without consideration of destination port numbers, which are associated with the server, not the client.
Quote:
tcpdump shows nothing :-/
Make sure the log option is defined on every block rule - in that way you will be able to see the traffic that does not match any of your pass rules, and is caught by the block rules.

But, for better analysis of new rulesets, add the log option to your pass rules also. In that way, you can see which pass rule applies to passed traffic -- it may not be the rule you expect.

Last edited by jggimi; 9th July 2014 at 10:10 AM. Reason: clarity, typos, as usual. :(
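The following pf.conf fragment is an added example, not code from jggimi's or EverydayDiesel's posts. It puts the original client rule beside the corrected one and adds the log option to every rule so that pflog(4) captures both passed and blocked traffic. The interface name athn0 and the macro names come from the thread; the address 10.0.0.50 is a placeholder, and the assumption that OpenBSD's default "set state-policy floating" lets the state created on athn0 carry the reply traffic back through any interface is mine, not the thread's.

```pf
# Added example (not from the original posts).
# Client behind athn0 that should reach web and SSH servers, and DNS.
user_ip  = "10.0.0.50"          # placeholder address, assumed for this example
TCP_PORT = "{ 80 ssh }"
UDP_PORT = "{ 53 }"

# Default deny, logged: anything that matches no pass rule shows up on pflog0.
block log all

# WRONG for a client: "to $user_ip port $TCP_PORT" matches packets whose
# DESTINATION is the client's port 80 or 22, i.e. it only allows other hosts
# to connect to a web or SSH server running on the client.
#pass in log on athn0 proto tcp from any to $user_ip port $TCP_PORT
#pass out log on athn0 proto udp from any to $user_ip port $UDP_PORT

# Correct for a client: the client opens the connection from a random
# high-numbered source port, so the server's listening port is the
# destination port and belongs with "to any".
pass in log on athn0 proto tcp from $user_ip to any port $TCP_PORT
pass in log on athn0 proto udp from $user_ip to any port $UDP_PORT

# No separate "pass ... from any to $user_ip" reply rule is needed: pass
# rules keep state by default, and with the default floating state policy
# (assumption noted in the lead-in) the replies from the server's port 80,
# 22 or 53 back to the client's random source port match that state.
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf`. With log on every rule, `tcpdump -n -e -ttt -i pflog0` prints, for each logged packet, the rule number and whether it was passed or blocked, which is how you see that a packet was caught by the block rule, or passed by a rule other than the one you expected. `pfctl -vsr` shows the per-rule evaluation and packet counters, which answers the same question without a capture.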