Here's what I tried based on that, but nothing seems to come back? Or does it even go out? pftop snippet attached below my conf.
Code:
ext_if1="bfe0" # External network card (DSL)
ext_if2="dc0" # External network card (Static)
int_if="xl0" # Internal network card
ext_gw1="88.193.77.121"
ext_gw2="88.193.68.22"
# Macros
lahiverkko = $int_if:network
icmp_types = "{ 0, 3, 11 }"
#LAN machine 1 (pate)
pate = "{ 192.168.0.2 }"
patetcp = "{ 1412, 49995, 61027 }" #TCP ports, comma-separated, that are forwarded to the machine (pate)
pateudp = "{ 1412, 49995, 61027 }" #UDP ports, ditto
#LAN machine 2 (texina)
texina = "{ 192.168.0.3 }"
texinatcp = "{ 1414, 2412, 8085, 50200 }" #TCP ports
texinaudp = "{ 1414, 2412 }" #UDP ports
#tables
table <nonroutable> persist { 192.168.0.0/16, 127.0.0.0/8, 172.16.0.0/12,10.0.0.0/8, 0.0.0.0/8, 169.254.0.0/16,192.0.2.0/24, 204.152.64.0/23, \
224.0.0.0/3,255.255.255.255/32 }
# options
set block-policy return
set optimization aggressive
set loginterface $ext_if1
set loginterface $ext_if2
set skip on lo0
# scrub, normalize and check all incoming packets
scrub in all
# NAT and redirections (handled above with the macros, the lines below don't necessarily need changing)
nat on $ext_if1 from $int_if:network to any -> ($ext_if1)
nat on $ext_if2 from $int_if:network to any -> ($ext_if2)
rdr pass on $ext_if1 proto tcp from any to any port $patetcp -> $pate
rdr pass on $ext_if1 proto udp from any to any port $pateudp -> $pate
rdr pass on $ext_if1 proto tcp from any to any port $texinatcp -> $texina
rdr pass on $ext_if1 proto udp from any to any port $texinaudp -> $texina
# rules
# block in log all
block in from any to any
block out from any to any
#block out on { $ext_if1 , $ext_if2 } from any to <nonroutable>
#block in log quick on { $ext_if1 , $ext_if2 } from <nonroutable> to any
# pass all outgoing packets on internal interface
pass out on $int_if from any to $lahiverkko
# pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lahiverkko to $int_if
pass in quick on $int_if route-to \
($ext_if2 $ext_gw2) \
proto udp from $lahiverkko port 28960 to any keep state
pass in on $int_if route-to \
($ext_if1 $ext_gw1) \
from $lahiverkko to any keep state
# general "pass out" rules for external interfaces
pass out on { $ext_if1 , $ext_if2 } from any to any
# route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
# $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
#web and ssh on ADSL
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 80 keep state
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 22 keep state
Code:
tcp In 192.168.0.2:2328 128.30.52.52:80 CLOSED:SYN_SENT 00:00:01 00:00:29 1 48 48 5
tcp Out 192.168.0.2:2328 128.30.52.52:80 88.193.77.121:59053 SYN_SENT:CLOSED 00:00:01 00:00:29 1 48 48 6
tcp In 192.168.0.2:2329 128.30.52.52:80 CLOSED:SYN_SENT 00:00:01 00:00:29 1 48 48 5
tcp Out 192.168.0.2:2329 128.30.52.52:80 88.193.77.121:65359 SYN_SENT:CLOSED 00:00:01 00:00:29 1 48 48 6
What am I missing? I also tested connecting via UDP port 28960 from my LAN, and pftop showed that it's going out on the right interface. The above is what I got when I tried to open a page with a browser, which timed out after a while. At least the box can connect, because my dnsmasq can provide DNS information to the LAN computers.
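Added diagnostic, not from the post: a small Python parser for pftop state lines like the ones quoted above that flags TCP states stuck at SYN_SENT:CLOSED, i.e. the SYN was sent but no SYN-ACK was ever matched to the state. The column layout (PR DIR SRC DST, an optional translated address:port on NAT'd states, then STATE AGE EXP ...) is an assumption read off the posted lines.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: the four pftop lines from the post (In on the LAN side,
# Out on the DSL side after NAT). No reply packet ever advanced these states.
SAMPLE = """\
tcp In 192.168.0.2:2328 128.30.52.52:80 CLOSED:SYN_SENT 00:00:01 00:00:29 1 48 48 5
tcp Out 192.168.0.2:2328 128.30.52.52:80 88.193.77.121:59053 SYN_SENT:CLOSED 00:00:01 00:00:29 1 48 48 6
tcp In 192.168.0.2:2329 128.30.52.52:80 CLOSED:SYN_SENT 00:00:01 00:00:29 1 48 48 5
tcp Out 192.168.0.2:2329 128.30.52.52:80 88.193.77.121:65359 SYN_SENT:CLOSED 00:00:01 00:00:29 1 48 48 6
"""

# The STATE column is the only token shaped like WORD:WORD (age/expiry are digits).
STATE_RE = re.compile(r"^[A-Z_]+:[A-Z_]+$")

class State(NamedTuple):
    proto: str
    direction: str
    src: str
    dst: str
    xlated: Optional[str]  # assumed: NAT address:port pftop shows on translated states
    state: str

def parse_line(line: str) -> Optional[State]:
    """Parse one pftop state line; return None for headers or unrelated lines."""
    f = line.split()
    idx = next((i for i, t in enumerate(f) if STATE_RE.match(t)), None)
    if idx is None or idx < 4:
        return None
    xlated = f[4] if idx == 5 else None  # zero or one token between DST and STATE
    return State(f[0], f[1], f[2], f[3], xlated, f[idx])

def half_open(text: str) -> list:
    """TCP states where one side sent a SYN and the peer side is still CLOSED."""
    found = []
    for line in text.splitlines():
        s = parse_line(line)
        if s and s.proto == "tcp" and set(s.state.split(":")) == {"SYN_SENT", "CLOSED"}:
            found.append(s)
    return found

def summarize(text: str) -> dict:
    """Per destination: how many half-open states per direction, and which NAT
    source address carried the outbound ones (tells you which WAN they left on)."""
    report = {}
    for s in half_open(text):
        entry = report.setdefault(s.dst, {"in": 0, "out": 0, "nat": set()})
        entry[s.direction.lower()] += 1
        if s.xlated:
            entry["nat"].add(s.xlated.rsplit(":", 1)[0])
    return report
```

If every outbound state to a destination shows only a single NAT address and never leaves SYN_SENT, the SYNs are leaving on that WAN but nothing matching comes back, which narrows the problem to the return path rather than the LAN-side rules.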