PF Configuration for newbie
Hi all,
I am a Unix newbie, and recently I've set up an OpenBSD box to route between my two subnets. The problem is, I never managed to make it work. I've enabled IP forwarding, and turned pf on, and made some rules in my pf.conf, but packets simply won't route. Here's my ifconfig:

Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204
        priority: 0
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:ba:3e:7b:b9
        priority: 0
        media: Ethernet autoselect (none)
        status: no carrier
        inet 192.168.4.1 netmask 0xffffff00 broadcast 192.168.4.255
        inet6 fe80::250:baff:fe3e:7bb9%rl0 prefixlen 64 scopeid 0x1
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:05:5d:fc:c8:8a
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.100.15 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::205:5dff:fefc:c88a%vr0 prefixlen 64 scopeid 0x2
enc0: flags=0<> mtu 1536
        priority: 0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33204
        priority: 0
        groups: pflog

Code:
# pfctl -sn
nat on rl0 inet from 192.168.100.0/24 to any -> 192.168.4.1
nat on vr0 inet from 192.168.4.0/24 to any -> 192.168.100.15
# pfctl -sr
scrub in all fragment reassemble
pass in all flags S/SA keep state
pass in inet proto icmp all icmp-type echoreq keep state
pass out inet proto icmp all icmp-type echoreq keep state
block drop in on ! lo0 proto tcp from any to any port = 6000

Cheers

Last edited by Carpetsmoker; 20th August 2009 at 08:41 PM. Reason: Add [code] tags for the sake of readability.