Date:      Tue, 12 Dec 2006 21:38:59 -0600
From:      "Travis H." <travis@subspacefield.org>
To:        freebsd-pf@freebsd.org
Subject:   Re: Help with <other_clients> issue
Message-ID:  <20061213033859.GA5482@subspacefield.org>
In-Reply-To: <bf7af5e50612080639p76f4a530x20d70677cac434fd@mail.gmail.com>
References:  <bf7af5e50612080639p76f4a530x20d70677cac434fd@mail.gmail.com>

On Fri, Dec 08, 2006 at 08:39:29AM -0600, Isaac Grover wrote:
> ext_if="xl2"
> ext_net=$ext_if:network
> wireless_if="xl1"
> wireless_if_addr="192.168.100.1"
> wireless_net=$wireless_if:network
> my_laptop="192.168.100.X"

Is that censored or really an X?

> table <other_clients> { $wireless_net, !$my_laptop }

No point in excluding your laptop because all your rules are permits.

> nat on $ext_if from <other_clients> to any port $tcp_services -> ($ext_if)
> nat on $ext_if from $my_laptop to any -> ($ext_if)
>
> rdr on $wireless_if inet proto tcp from $wireless_net to any port 80
> -> $wireless_if_addr port 3080

Try putting the "pass" keyword on these, it fixes things if you forget the
nat/rdr occurs before the filter rules.

> pass out on $ext_if inet proto tcp from $wireless_net to any port 3080
> keep state
> pass out on $ext_if inet proto tcp from <other_clients> to any port
> $tcp_services keep state
> pass out on $ext_if inet proto tcp from $my_laptop to any keep state
> pass out on $ext_if inet proto udp from $wireless_net to any port
> $udp_services keep state
> pass inet proto icmp from any to any

Feed your rules into pf and see what pfctl -s all says they expand to.
Redirect it to a file or use "screen" then "screen -r".
--
"Cryptography is nothing more than a mathematical framework for
discussing various paranoid delusions." -- Don Alvarez
<URL:http://www.subspacefield.org/~travis/>; -><-
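
The `pass` suggestion from the reply above, applied to the quoted translation rules. This is an added pf.conf sketch, not part of the original message. It keeps the legacy pf syntax and macro names of the quoted ruleset; the `tcp_services` value and the `block all` default are assumptions.

```conf
# Added example (not from the original message). Legacy pf syntax,
# where nat/rdr rules are evaluated before the filter rules.
ext_if = "xl2"
wireless_if = "xl1"
wireless_if_addr = "192.168.100.1"
wireless_net = $wireless_if:network
tcp_services = "{ 22, 443 }"    # assumed value; not shown in the message

# Translation rules with "pass": a packet that matches one of these is
# passed without being checked against the filter rules below.
nat pass on $ext_if inet proto tcp from $wireless_net to any \
    port $tcp_services -> ($ext_if)
rdr pass on $wireless_if inet proto tcp from $wireless_net to any \
    port 80 -> $wireless_if_addr port 3080

# Assumed default-deny policy, so the effect of "pass" is visible.
block all

# nat applies as the packet leaves $ext_if, so the client's packet must
# still be allowed in on the wireless interface first.
pass in on $wireless_if inet proto tcp from $wireless_net to any \
    port $tcp_services keep state

# Without "pass" on the translation rules, the filter rules would have
# to match the addresses *after* translation, for example:
#   pass in  on $wireless_if inet proto tcp from $wireless_net \
#       to $wireless_if_addr port 3080 keep state
#   pass out on $ext_if inet proto tcp from ($ext_if) to any \
#       port $tcp_services keep state
```

Loading a ruleset like this and reading the expanded output of `pfctl -s all`, as the reply suggests, shows which addresses and ports each rule actually matches.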