DaemonForums  


OpenBSD Security Functionally paranoid!

 
 
12th August 2012
nekoneko

Configuring PF for NAT

I'm trying to set up pf on OpenBSD 5.1 to act as a router, but am having some trouble.

I have two network interfaces:
- urtw0 (internet)
- em0 (trusted internal network)

I want to route all traffic from the em0 network to the internet, and allow SSH connections from em0 to sshd on the OpenBSD box. All other ports should be closed.

My pf.conf looks like this:

block in
pass out on egress from em0:network to any nat-to (egress)
pass in on em0 proto tcp to self port 22

... But with these rules, I can't get to the internet from em0. If I change the last rule in pf.conf to:

pass in on em0

...then it works fine. I don't know much about pf (I'm more of an iptables person), but it looks like I need to actually open the ports I want to route. I don't want to open all ports on em0 - I only want port 22 to be open.

How can I do this?

Thanks!