Date: Thu, 10 Mar 2005 16:11:31 -0500 (EST)
From: Gardner Bell <gbell72@rogers.com>
To: freebsd-questions@freebsd.org
Subject: Problem with pf.conf
Message-ID: <20050310211131.8098.qmail@web88007.mail.re2.yahoo.com>

Hello all,

I'm trying to reconfigure a more restrictive packet filtering firewall for my home network but am running into some trouble. When I run dhclient dc0 in an attempt to obtain an IP address from my ISP I receive the normal:

    DHCPREQUEST on dc0 to 255.255.255.255 port 67
    DHCPDISCOVER on dc0 to 255.255.255.255 port 67

DHCPDISCOVER eventually fails after the fourth or fifth try.

When I run tcpdump at the same time as dhclient dc0 I receive the following arp requests. The 70.xxx.xxx.x is my gateway I'm trying to communicate with.

    14:59 arp who-has 7.x.xxx.xxx tell 70.xxx.xxx.x
    ...

I see about 3-400 of these.

Here is a partial excerpt of my pf.conf with what I believe to be the most relevant sections needed to obtain an ISP on the WAN nic.

    pass out on $ext_if proto tcp from any to x.x.x.x port 53 keep state
    pass out on $ext_if proto udp from any to x.x.x.x port 53 keep state

The above lines are duplicated as I have two nameservers that I am able to use.

To contact my ISP's DHCP I use the following:

    pass out on $ext_if proto udp from any to x.x.x.x port 68 keep state
    pass in on $ext_if from x.x.x.x to any port 68 keep state

I also seem to be having a problem with the same NAT directive I've used on less restrictive firewalls.

    nat on $ext_if from $int_if:network to any -> ($ext_if)

Any help is greatly appreciated.

Regards,
Gardner
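
Added example, not part of the original message: a pf.conf fragment that puts the posted DHCP rules beside rules written to match the traffic shown in the dhclient output. The interface name dc0 is taken from the post; the `block all` default policy and the `ext_if` macro definition are assumptions, since the post shows only an excerpt of the ruleset.

```pf
# Added example, not the poster's ruleset.
ext_if = "dc0"          # interface named in the post

block all               # assumed default-deny policy (not shown in the post)

# Rules as posted (server address elided as x.x.x.x in the post):
#   pass out on $ext_if proto udp from any to x.x.x.x port 68 keep state
#   pass in  on $ext_if from x.x.x.x to any port 68 keep state
#
# The outbound rule matches only packets addressed to x.x.x.x with
# destination port 68. The dhclient output shows DHCPDISCOVER and
# DHCPREQUEST going to 255.255.255.255 port 67, so neither the
# destination address nor the destination port matches that rule.

# Client to server: UDP source port 68 (bootpc), destination port 67
# (bootps). "to any" covers the limited broadcast 255.255.255.255.
pass out on $ext_if inet proto udp from any port 68 to any port 67 keep state

# Server to client: UDP source port 67, destination port 68.
# The state created by the broadcast above is keyed on 255.255.255.255,
# so a reply sourced from the server's own address does not match it
# and needs an explicit inbound rule.
pass in on $ext_if inet proto udp from any port 67 to any port 68 keep state
```

Loading the file with `pfctl -nf /etc/pf.conf` parses it without applying it, and `pfctl -sr -v` shows per-rule packet counters, which tells you whether a given rule is matching the DHCP traffic at all.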