Thread: Pf.conf issues
3rd January 2011
afcelie

I am trying to get NAT working, but I think I don't see it.
Below is an example of my config file:
I do have apache running locally for now.

# cat pf.conf
web_serv_int = "192.168.7.232"
web_serv_ext = "192.168.1.1"
# gateways

set skip on lo
#
block in all
#block in quick on em0 from 192.168.0.0/16 to any
block in quick on em0 from 172.16.0.0/12 to any
block in quick on em0 from 10.0.0.0/8 to any
block in quick on em0 from 127.0.0.0/8 to any
block in quick on em0 from 0.0.0.0/8 to any
block in quick on em0 from 169.254.0.0/16 to any
block in quick on em0 from 192.0.2.0/24 to any
block in quick on em0 from 204.152.64.0/23 to any
block in quick on em0 from 224.0.0.0/3 to any
#pass in quick on em0 from 192.168.1.0/24 to any
#pass out all

tcp_services = "{ ssh, smtp, www, domain, pop3, auth, pop3s }"
udp_services = "{ domain }"

#Network address translations
pass on em0 from $web_serv_int to any binat-to $web_serv_ext

#Rules
pass in proto tcp to port $tcp_services
pass proto udp to port $udp_services
pass out on em1 from 192.168.7.232 to any nat-to 192.168.1.1
#block in quick from urpf-failed to any # use with care

# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010