From: Mikhail Goriachev <mikhailg@webanoide.org>
Organization: Webanoide
Date: Fri, 09 Jun 2006 15:52:04 +1000
To: Pat Maddox
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Need some help with PF rule letting two machines access each other
Message-ID: <44890C84.1070304@webanoide.org>
In-Reply-To: <810a540e0606082221n488bf220q3846d9c79b47e1ad@mail.gmail.com>

Pat Maddox wrote:
> 12.34.56.78 runs a server on port 1234
> 87.65.43.21 should connect to this
>
> Both of them have PF rulesets that block off most traffic, keeping
> open the publicly available ports I need open. In this case though,
> any traffic over this port should only be between these two machines.
> I've tried to set this up, but I keep getting operation not permitted,
> connection refused, and connection reset by peer errors. Thanks for
> any info.

Hi,

This'll do:

EIF=eif            # external interface
HOSTA=12.34.56.78  # host A
HOSTB=87.65.43.21  # host B

# These lines go on host A
pass in quick on $EIF from $HOSTB to $EIF port 1234
pass out quick on $EIF from $EIF to $HOSTB port 1234

# These lines go on host B
pass in quick on $EIF from $HOSTA to $EIF port 1234
pass out quick on $EIF from $EIF to $HOSTA port 1234

Put those lines somewhere at the beginning of your pf.conf files.

Also, if I may add, this is very basic and you should consult/read/learn
PF's guide.

Cheers,
Mikhail.

-- 
Mikhail Goriachev
Webanoide

Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: mikhailg@webanoide.org
Web: http://www.webanoide.org

PGP Key ID: 0x4E148A3B
PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B
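As an added illustration (not part of the thread above), here is a complete minimal pf.conf for host A, the server side, that puts the two-host rule in front of a default deny and makes the state handling explicit; the interface name em0 is an assumption, the addresses are the ones from the question.

```pf
# Added example, not from the original post. Host A = the server on port 1234.
# "em0" is an assumed interface name; replace it with the real external interface.
ext_if = "em0"
host_a = "12.34.56.78"
host_b = "87.65.43.21"

set skip on lo0

# Default deny. Plain "block" silently drops; "block return" would instead
# send a TCP RST, which is what a client sees as "connection refused".
block in log all
block out log all

# Only host B may reach the service. "keep state" means the state entry
# created by this inbound rule also passes host A's replies back out, so
# no separate "pass out" for port 1234 is needed on the server.
pass in quick on $ext_if proto tcp from $host_b to $ext_if port 1234 \
    flags S/SA keep state

# Host B (the client) needs the mirror-image outbound rule in its own pf.conf.
# Without it, host B's own pf blocks the outgoing SYN and connect() fails
# locally with "operation not permitted":
#   pass out quick on $ext_if proto tcp from $ext_if to $host_a port 1234 \
#       flags S/SA keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and watch what the default-deny rules are dropping with `tcpdump -n -e -ttt -i pflog0` (the pflog interface must be enabled).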