#7
5th December 2012
pcronin
Join Date: May 2012
Posts: 19

Here's my pf.conf, terribly uncommented :P
A note: this was a 3 NIC machine with the wireless (a dlink dr-615) being on XL1, but things like iTunes wifi sync and library sharing weren't working despite attempts to forward those ports.

Another note: when you remove a NIC, remember to comment out any lines referencing it in pf.conf, otherwise pf will fail to load and you'll scratch your head as to why your box doesn't pass packets.

Code:
# cat /etc/pf.conf
## em0 = int lan
## xl0 = to wan
## xl1 = wireless

pass in on em0 proto tcp from any to any port 80 rdr-to 127.0.0.1 port 3128
#pass in on xl1 proto tcp from any to any port 80 rdr-to 127.0.0.1 port 3128
pass in on em0 inet proto tcp from any to 127.0.0.1 port 3128 keep state
#pass in on xl1 inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on xl0 inet proto tcp from any to any port www keep state
#pass out on xl0 from xl1:network to any nat-to (xl0)
pass out on xl0 from em0:network to any nat-to (xl0)

I know it's a horrible mess, but it works. I'm going to sit down with the advanced PF FAQs "soon"(tm).

Last edited by pcronin; 5th December 2012 at 03:47 PM. Reason: changed from "quote" to "code"
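The second note in the post (rules that still reference a removed NIC) can be checked before reloading pf. The script below is an added example, not part of pcronin's post: the function names and the fxp0 line in the sample are constructed, and it assumes rules that name interfaces literally, without macros or "{ a b }" lists, as the ruleset above does.

```shell
#!/bin/sh
# Added example, not from the post: list interfaces that active pf.conf rules
# reference but that are absent from the host. Interface groups (e.g. egress)
# are not physical interfaces and will be reported as missing too.

# Constructed sample: the post's rules with the xl1 (wireless) lines active.
SAMPLE_CONF='## em0 = int lan
pass in on em0 proto tcp from any to any port 80 rdr-to 127.0.0.1 port 3128
pass in on xl1 proto tcp from any to any port 80 rdr-to 127.0.0.1 port 3128
pass out on xl0 inet proto tcp from any to any port www keep state
#pass out on xl0 from fxp0:network to any nat-to (xl0)
pass out on xl0 from xl1:network to any nat-to (xl0)
pass out on xl0 from em0:network to any nat-to (xl0)'

# Interfaces named by uncommented rules: "on IF", "IF:network", "(IF)".
pf_referenced_ifaces() {
    sed 's/#.*//' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            prev = (i > 1) ? $(i - 1) : ""
            tok = $i; name = ""
            if (prev == "on") name = tok
            else if (tok ~ /:(network|broadcast|peer)$/) name = tok
            else if (prev ~ /^(from|to|nat-to|rdr-to)$/ && tok ~ /^\(.*\)$/) name = tok
            gsub(/[()!]/, "", name); sub(/:.*/, "", name)
            if (name != "" && name != "any") print name
        }
    }' | sort -u
}

# Interfaces present on this host, parsed from ifconfig ("em0: flags=...").
host_ifaces() {
    ifconfig | sed -n 's/^\([A-Za-z0-9_]*\):.*/\1/p'
}

# pf_missing_ifaces CONF IF...  -> referenced interfaces not in the IF list.
pf_missing_ifaces() {
    conf=$1; shift
    for ifc in $(pf_referenced_ifaces "$conf"); do
        case " $* " in
            *" $ifc "*) ;;
            *) echo "$ifc" ;;
        esac
    done
}

# Usage: sh check_pf_ifaces.sh /etc/pf.conf
if [ -n "${1:-}" ]; then
    pf_missing_ifaces "$1" $(host_ifaces)
fi
```

Any name it prints belongs to a rule that should be commented out or updated; `pfctl -nf /etc/pf.conf` then parses the edited ruleset without loading it.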