Date: Wed, 26 Jul 2006 10:46:39 -0700
From: Jeffrey Williams <jeff@sailorfej.net>
To: freebsd-pf@freebsd.org
Subject: Re: SV: nat/outbound traffic not passing in pf on FreeBSD 6.1
Message-ID: <44C7AA7F.7060904@sailorfej.net>
In-Reply-To: <013101c6b0ba$371645d0$152ea8c0@phobos>
References: <013101c6b0ba$371645d0$152ea8c0@phobos>

Morgan wrote:
>> pf.conf entries:
>>
>> oif="em0"
>> onwr="o.o.33.40/29"
>> oip="o.o.33.46"
>>
>> iif="em1"
>> inwr="i.i.10.0/24"
>> iip="i.i.10.1"
>>
>> is1="i.i.10.15"
>>
>> scrub in all
>>
>> nat on $oif from $inwr to any -> $oif
>>
>> rdr on $oif proto tcp from any to $oip port 1000 -> $is1 port 22
>>
>> block in log all
>>
>> pass in on $oif proto tcp from any to $is1 port 22 keep state
>> pass in on $oif proto tcp from any to $oip port 22 keep state
>>
>> pass in on $iif inet from $inwr to any keep state
>> pass out on $oif inet from $oip to any keep state (additional rule
>> referred to above that needed to be added to enable outbound
>> connections, should not be needed?)
>>
>> antispoof for $oif
>> antispoof for $iif
>
> Where is your pass rule for your internal interface and for your loopback
> for that matter?
>
> Pass on lo0 all
> Pass on em1 all
>
> /PP
>
>

I am not running anything that is trying to use the loopback interface
on this box.

The following rule passes traffic in on the internal interface, "pass in
on $iif inet from $inwr to any keep state", and there is no rule
blocking traffic out on the internal interface.

Thanks,

Jeff