pf.conf / Which interface ?
Hello everybody!

I'm installing an OpenBSD 4.6 CARPed firewall cluster and I have doubts about my pf.conf.

My physical interface is "vic0". There are 8 vlan interfaces: "vlan10", "vlan20", "vlan30", ... There are 8 carp interfaces: "carp10", "carp20", "carp30", ...

If I would like to allow HTTP from vlan10 to vlan20, which rule is correct?

Code:
pass in on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on carp10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass in on vic0 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80

After reading the man page, I think that the first one is correct. Is that right?

Thanks!

Quote:
Code:
pass out quick on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Okay, the right interface is "vlan10" and not "carp10".
What does a basic ruleset for a CARPed firewall look like? Have you got an example? Thanks a lot for your help.

http://www.openbsd.dk/faq/pf/carp.html has an example
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
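
Added example, not part of the original posts: a minimal pf.conf for the setup described in this thread, with the filter rules written on the vlan interfaces rather than on carp10 or vic0. The subnet values are placeholders, the `vlan_ifs` macro is a name chosen here, and a default-block policy is assumed, under which CARP advertisements have to be passed explicitly and forwarded traffic needs a rule in each direction.

```conf
# Added example (assumptions: placeholder subnets, only vlan10/vlan20 shown,
# default-block policy). Not taken from the thread or from the linked FAQ.

# Macros named as in the question; the addresses are constructed placeholders.
vlan10_subnet = "10.0.10.0/24"
vlan20_subnet = "10.0.20.0/24"

# Hypothetical macro: the interfaces that carry the carp interfaces.
vlan_ifs = "{ vlan10 vlan20 }"

set skip on lo

# Default deny, logged to pflog0 so drops can be watched with tcpdump.
block log all

# CARP advertisements travel on the underlying vlan interfaces.
# Without this rule under "block all", the cluster members cannot
# see each other's advertisements.
pass quick on $vlan_ifs proto carp keep state

# HTTP from vlan10 to vlan20: the packet enters on vlan10 and leaves on vlan20.
# The rules name the vlan interfaces, not carp10/carp20 and not vic0.
pass in  on vlan10 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
pass out on vlan20 inet proto tcp from $vlan10_subnet to $vlan20_subnet port 80
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and blocked packets can be watched with `tcpdump -n -e -ttt -i pflog0`.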