Date: Thu, 6 Mar 2008 15:02:20 -0300
From: "Alaor Barroso de Carvalho Neto"
To: "Erik Norgaard"
Cc: freebsd-questions@freebsd.org
Subject: Re: Please help me with my PF config

2008/3/6, Erik Norgaard <norgaard@locolomo.org>:
>
> You can add log statements to your nat rules to see which is applied.
>
> > pass quick proto icmp from any to any keep state
> > pass quick from $adm_net to $cefet_servers keep state
> > pass quick from $cefet_servers to $adm_net keep state
>
> It appears that ping is passed by the first rule, but other protocols
> are not matched in the second/third rule.
>
> > block quick from any to $cefet_net
> > block quick from $cefet_net to any
>
> Then it is probably blocked here.

Thankz, brother, it worked. I need the nat to work with the firewall config of the other school. Then, I saw in the log that the traffic going through the 10.10.0.50 (my if) to the servers was being blocked. For me, saying that adm_net should communicate with cefet_server would be enough for the firewall to understand that it should pass through any if on the way.

I know my config is far away from a good config, but it's the first time I configure a firewall, and I have only basic English knowledge. I'm not totally sure about what I can and cannot do, even though I have read the tutorials, because my English skills aren't good enough. The "IN" and "OUT" stuff is still very confusing for me.

But thankz a lot, it's working now.

Hugs,
Alaor Neto