Quote:
Originally Posted by sharris
I even believe FreeBSD 8.0 is either using an older version of PF...
|
I warned you of this upfront.
Quote:
...what detail-information (net-numbers) are we not supposed to post since this is more about network security?
|
Public addresses. Posting private RFC1918 addresses should be inconsequential.
Quote:
I do wonder why it starts with 10.0.10.2 and not 10.0.0.0 or 10.0.10.0.
|
The answer to this question comes from comprehending basic subnetting.
An address of 10.0.0.0 with no explicit subnet mask implies a /8 network with a subnet mask of 255.0.0.0. Given that any IPv4 address represents a network component & host component, 10.0.0.0 has no host bits set. This situation is known as the "subnet address" & should not be assigned to any specific host. Neither should a host be assigned the address where all host bits are set to one -- in this case 10.255.255.255 -- which is used as the broadcast address for the 10.0.0.0/8 subnet.
- One of the reasons why this isn't allowed comes from the RIP version 1 routing protocol.
- Other artifactual reasons can be found from studying the early RFCs.
One of the most referred to introductions to IPv4 subnetting is the following:
http://www.apnic.net/__data/assets/p...147/501302.pdf
Note that the formatting of this paper has problems with displaying exponents.
Another good introduction to subnetting is:
http://www.cisco.com/web/about/ac123...addresses.html
Quote:
Is there a strong working pf example for this type of LAN set-up?
|
"Strong working pf example" is a myth. Again, it appears you are wanting a canned solution which can be dropped into place without thought. If you continue playing in the Open Source world, you will find that doing lots of research & experimentation is the norm. Why? Because at some point, you will want to do something a little different, change something, & things will break. You will be the only one who can pick up the pieces, & doing so will require working knowledge of the fundamentals. By your own admission, you have only put in a week of trying to put together a network.
Really understanding the fundamentals will take time. Lots of it, with a great deal of critical pondering.
And by the way, Hansteen discusses the fundamentals of what you need to focus on here in the beginning at the following:
http://home.nuug.no/~peter/pf/en/bas...tml#GWPITFALLS
Quote:
It takes an expert to come up with the combination of keywords...
|
The undercurrent in this statement is that the subject is too hard. It just takes time, patience, & tenacity. Developing a strong sense of curiosity & patience is required.
Quote:
Then you learn FreeBSD is not OpenBSD and all code doesn't work the same.
|
This actually is one of your best observations so far. You will need to post in the FreeBSD section asking where FreeBSD-types go for pf(4) information. I can tell you now, that studying what information can be found in the FreeBSD Handbook is a very good start:
http://www.freebsd.org/doc/en_US.ISO...ewalls-pf.html
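
The subnet-address and broadcast-address rule described in the post above, worked through with bit masks. This is an added example, not part of the original post; the function names are hypothetical and the /24 prefix used for the 10.0.10.x addresses is an assumption, since the thread does not state the LAN's mask.

```python
import ipaddress
from typing import Optional


def classful_prefix(addr: ipaddress.IPv4Address) -> int:
    """Prefix implied when no mask is given (classful rules)."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8   # class A, mask 255.0.0.0
    if first_octet < 192:
        return 16  # class B, mask 255.255.0.0
    if first_octet < 224:
        return 24  # class C, mask 255.255.255.0
    raise ValueError("class D/E addresses carry no implied host mask")


def classify(address: str, prefix: Optional[int] = None) -> dict:
    """Split an address into network and host parts and name its role."""
    addr = ipaddress.IPv4Address(address)
    if prefix is None:
        prefix = classful_prefix(addr)
    if not 0 <= prefix <= 30:
        # /31 and /32 have no separate subnet/broadcast addresses
        raise ValueError("prefix must be between 0 and 30")
    host_mask = (1 << (32 - prefix)) - 1
    net_mask = 0xFFFFFFFF ^ host_mask
    host_bits = int(addr) & host_mask
    network = int(addr) & net_mask
    if host_bits == 0:
        role = "subnet address"      # no host bits set
    elif host_bits == host_mask:
        role = "broadcast address"   # all host bits set
    else:
        role = "host"
    return {
        "netmask": str(ipaddress.IPv4Address(net_mask)),
        "network": str(ipaddress.IPv4Address(network)),
        "broadcast": str(ipaddress.IPv4Address(network | host_mask)),
        "role": role,
    }


if __name__ == "__main__":
    # Constructed inputs; the /24 on 10.0.10.x is an assumption.
    for a, p in [("10.0.0.0", None), ("10.255.255.255", None),
                 ("10.0.10.0", 24), ("10.0.10.2", 24)]:
        print(a, p, classify(a, p))
```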