Quote:
Originally Posted by jggimi
You do not need to use separate /users/ authpf rule files, unless you need rules that are unique to each authenticating user. You can use $user_ip or $user_id in a single rules file, as each user who authenticates will have its set of rules defined under its own anchor point, located at the authpf/* anchor point you defined.
Is the address 192.168.14.10 the address of the external interface? Your pass rule
Code:
pass in on $extif proto tcp to ($extif) port $allowed_tcp_ports
is the only TCP pass rule in effect, until you authenticate. This rule will pass TCP traffic inbound on the external interface from any IP address, with any source port number, as long as the destination address is an address assigned to that external interface, with a destination port number matching the port numbers for ssh, https, and rdp defined in /etc/services. |
Yes that is the external interface, so what rule would I need once authenticated to allow SSH to be passed through the internal interface allowing me to SSH to other boxes in that DMZ ?