From: William Moreno <wmoreno3@hotmail.com>
To: freebsd-questions@FreeBSD.org
Subject: 30.3. PF Revised and updated by John Ferrell.
Date: Fri, 24 Aug 2018 22:24:52 +0000
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html

30.3.3.1. A Simple Gateway with NAT

pass in on xl1 from xl1:network to xl0:network port $ports keep state
pass out on xl0 from xl1:network to xl0:network port $ports keep state
pass from $localnet to any port $ports keep state

Please explain to me: how do I implement "xl1:network - xl0:network - $localnet"?

I tried different forms but with negative results; maybe your commands are deprecated. Am I ready?

The following configuration is ready and the test was OK on my FreeBSD 11.2 server.

root@server:~ # cat /etc/pf.conf
# $FreeBSD: releng/11.2/share/examples/pf/pf.conf 293862 2016-01-14 01:32:17Z kevlo $
# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Remember to set gateway_enable="YES" and/or ipv6_gateway_enable="YES"
# in /etc/rc.conf if packets are to be forwarded between interfaces.

ext_if="igb0"
int_if="igb1"

table <spamd-white> persist

set skip on lo

scrub in

#nat-anchor "ftp-proxy/*"
#rdr-anchor "ftp-proxy/*"
nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
no rdr on $ext_if proto tcp from <spamd-white> to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
#    -> 127.0.0.1 port spamd

#anchor "ftp-proxy/*"
block in
pass out

pass quick on $int_if no state
antispoof quick for { lo $int_if }

#pass in on $ext_if proto tcp to ($ext_if) port ssh
pass in on $ext_if proto tcp to ($ext_if) port 38422
#pass in log on $ext_if proto tcp to ($ext_if) port smtp
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp
pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }

root@server:~ # pfctl -vnf /etc/pf.conf
ext_if = "igb0"
int_if = "igb1"
table <spamd-white> persist
set skip on { lo }
scrub in all fragment reassemble
nat on igb0 inet from ! (igb0) to any -> (igb0:0)
no rdr on igb0 proto tcp from <spamd-white> to any port = smtp
block drop in all
pass out all flags S/SA keep state
pass quick on igb1 all no state
block drop in quick on ! lo inet6 from ::1 to any
block drop in quick on ! lo inet from 127.0.0.0/8 to any
block drop in quick inet from 127.0.0.1 to any
block drop in quick on ! igb1 inet from 192.168.1.0/24 to any
block drop in quick inet from 192.168.1.1 to any
block drop in quick inet6 from ::1 to any
block drop in quick on lo0 inet6 from fe80::1 to any
pass in on igb0 inet proto icmp from any to (igb0) icmp-type unreach keep state
pass in on igb0 inet proto icmp from any to (igb0) icmp-type redir keep state
pass in on igb0 inet proto icmp from any to (igb0) icmp-type timex keep state
pass in on igb0 proto tcp from any to (igb0) port = 38422 flags S/SA keep state
root@server:~ #

Thanks,
William Moreno

Sent from Mail for Windows 10
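The following is an added example (editor's, not from this post and not the Handbook's or the FreeBSD example file's own text) showing how the three Handbook forms quoted above map onto an igb0/igb1 layout like the one in the posted pf.conf: the literal "interface:network" modifier, and "$localnet" defined as a macro on top of it. The interface names, the service list and the choice of TCP are assumptions for illustration.

```pf
# Added example: the Handbook's xl0/xl1 gateway rules rewritten for an
# igb0 (outside) / igb1 (LAN) gateway.  Interface names and the service
# list below are assumptions, not taken from the original post.
ext_if = "igb0"
int_if = "igb1"

# ":network" is an interface modifier: it expands to the subnet configured
# on that interface.  Defining it once as a macro is how the Handbook's
# "$localnet" comes into being; $localnet then expands to igb1:network.
localnet = $int_if:network

# Services LAN hosts may reach on the outside (names from /etc/services).
tcp_services = "{ domain, http, https, ssh }"

set skip on lo
scrub in

# Source NAT for traffic leaving igb0 that did not originate from igb0;
# the parenthesised ($ext_if:0) form follows the interface's address at
# run time, so a DHCP-assigned outside address does not need a reload.
nat on $ext_if inet from !($ext_if) -> ($ext_if:0)

block in
pass out

antispoof quick for { lo $int_if }

# Literal interface:network form (the Handbook's xl1:network / xl0:network):
pass in  on $int_if inet proto tcp from $int_if:network to any port $tcp_services keep state
pass out on $ext_if inet proto tcp from $int_if:network to any port $tcp_services keep state

# The same policy through the macro; "$localnet" is just igb1:network here.
pass inet proto tcp from $localnet to any port $tcp_services keep state
```

Check it the same way the post does, with `pfctl -vnf /etc/pf.conf`: the `-n` flag parses without loading, and the verbose listing shows what each `:network` and macro reference expanded to, so a typo in a macro name or an interface with no address assigned surfaces before the ruleset is installed. One caveat worth knowing: an unparenthesised `igb1:network` is resolved when the ruleset is loaded, so if that interface's address changes the ruleset must be reloaded, whereas the parenthesised `($ext_if)` forms are re-evaluated on address change.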