DaemonForums  

#1
jones, 6th November 2008
Simple Firewall with PF

Hi, this thread could fit into many different forums here; please move it if it will suit somewhere else better.

I am trying to set up my laptop (PC-BSD 7.0) to act as a router, allowing my Eee running OpenBSD to connect to my university wireless network.

The uni network uses a WPA-Enterprise network, which isn't supported by OpenBSD yet, but I have it working with the PC-BSD laptop. The network uses a proxy for HTTP connections, but this might also affect other traffic; I haven't found a conclusive result yet.

I have two network interfaces: rum0 (connects to uni wireless) and bge0 (to connect to the OpenBSD machine).

I am not entirely sure of the steps I need to set this up. So far I have gotten a basic pf.conf together (mostly gleaned from The Book of PF), but with this config the PC-BSD machine cannot get any connection to the outside world.

Code:
ext_if = "rum0"         ##Macro for uniwireless network
int_if = "bge0"         ##Macro for openbsd network
localnet = $int_if:network
client_out = "{ssh, domain, auth, nntp,http,\
                https,2628,5999,8000,8080}"
udp_services = "{domain}"
icmp_types = "{ echoreq,unreach }"

nat on $ext_if from $localnet to any -> ($ext_if)

block all

pass quick inet proto {tcp, udp} from $localnet to any port $udp_services
pass log inet proto icmp all icmp-type $icmp_types
pass inet proto tcp from $localnet to any port $client_out

Any help with getting this connection up and running is much appreciated.
__________________
------------------------------
jones on the Super Dimension Fortress
SDF Public Access System - http://sdf.lonestar.org

#2
DutchDaemon, 6th November 2008

Do you have forwarding enabled?

sysctl net.inet.ip.forwarding should be 1.

#3
jones, 7th November 2008

The sysctl wasn't set, thanks for that. My issue is that I cannot get DNS to resolve with that PF rule set. It's probably just my lack of knowledge; am I missing something obvious?

#4
DutchDaemon, 7th November 2008

I'm not sure how new PF is on PC-BSD. When you run pfctl -s rules, do you see stuff like flags S/SA and keep state in them? If not, you will have to add them, especially the keep state directives. Add 'log' to the block all rule and run a tcpdump on pflog0 to see what actually gets blocked (you'll have to take 'log' out of that pass rule, or it'll confuse you).

P.S. add set skip on lo0 - things may break without it; if you trust everything on your local network, add set skip on bge0 as well.

Last edited by DutchDaemon; 7th November 2008 at 02:24 AM.
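
The changes suggested in post #4, applied to the ruleset from post #1, as an added example that is not part of the thread and is not offered as a complete fix. It only shows where the suggested directives go; the /etc/pf.conf path and the pflog_enable setting mentioned in the comments are assumptions about a stock FreeBSD setup.

```conf
# Added example: post #1's ruleset with post #4's suggestions applied.
# Interface names, macros and port lists are the ones from post #1.

ext_if = "rum0"         # uni wireless network
int_if = "bge0"         # link to the OpenBSD machine
localnet = $int_if:network
client_out = "{ ssh, domain, auth, nntp, http, https, 2628, 5999, 8000, 8080 }"
udp_services = "{ domain }"
icmp_types = "{ echoreq, unreach }"

# Options go before translation and filter rules.
set skip on lo0
# Only if everything on the internal network is trusted (post #4):
# set skip on bge0

nat on $ext_if from $localnet to any -> ($ext_if)

# 'log' moved here from the icmp pass rule, so pflog0 carries
# only the packets that were dropped.
block log all

# Explicit state keeping; 'flags S/SA' is TCP-only, so it is left
# off the mixed tcp/udp rule.
pass quick inet proto { tcp, udp } from $localnet to any port $udp_services keep state
pass inet proto icmp all icmp-type $icmp_types keep state
pass inet proto tcp from $localnet to any port $client_out flags S/SA keep state

# Every tcp/udp pass rule above matches only 'from $localnet'. A packet
# with any other source address falls through to 'block log all' and
# is what the pflog0 capture will show.
#
# Check and load (assumed path /etc/pf.conf, pflog0 present,
# e.g. pflog_enable="YES" in rc.conf):
#   sysctl net.inet.ip.forwarding     # should print 1 (post #2)
#   pfctl -nf /etc/pf.conf            # parse only, report syntax errors
#   pfctl -f /etc/pf.conf             # load the ruleset
#   pfctl -s rules                    # confirm flags S/SA and keep state
#   tcpdump -n -e -ttt -i pflog0      # watch blocked packets live
```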