Date: Sun, 16 Sep 2001 16:48:02 +0200
From: rene@xs4all.nl
To: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
Cc: questions@freebsd.org
Subject: Re: ping fails (setup: pptp, ppp, adsl (xs4all.nl), ipf, IPv4)
Message-ID: <20010916164802.I7106@xs4all.nl>
In-Reply-To: <20010915155651.F19439-100000@cactus.fi.uba.ar>; from fgleiser@cactus.fi.uba.ar on Sat, Sep 15, 2001 at 03:57:24PM -0300
References: <20010915204109.G7106@xs4all.nl> <20010915155651.F19439-100000@cactus.fi.uba.ar>

On Sat, Sep 15, 2001 at 03:57:24PM -0300, Fernando Gleiser wrote:
> Please post also your ipf and ipnat conf files.
>
>
> 			Fer
>

allrighty;

-- /etc/ipf.rules

# Let loopback packets through
pass in quick on lo0 all
pass out quick on lo0 all

# Disallow direct access to the Alcatel
block out log quick on xl0 from any to 10.0.0.138 port = 21
block out log quick on xl0 from any to 10.0.0.138 port = 23
block out log quick on xl0 from any to 10.0.0.138 port = 80

# Allow all other communication
pass out quick on xl0 from 10.0.0.139/32 to 10.0.0.138
pass in quick on xl0 from 10.0.0.138/32 to 10.0.0.139

# Anti-spoofing rules
block in log quick on tun0 from 0.0.0.0/8 to any
block in log quick on tun0 from 127.0.0.0/8 to any
block in log quick on tun0 from 10.0.0.0/8 to any
block in log quick on tun0 from 172.16.0.0/12 to any
block in log quick on tun0 from 192.168.0.0/16 to any
block in log quick on tun0 from 169.254.0.0/16 to any
block in log quick on tun0 from 224.0.0.0/3 to any

# Own IP address
block in log quick on tun0 from 194.109.196.149 to any

# Traffic from and to local LAN
pass in quick on de0 proto tcp from 192.168.102.0/24 to any keep state
pass in quick on de0 proto udp from 192.168.102.0/24 to any keep state
pass in quick on de0 proto icmp from 192.168.102.0/24 to any keep state

# (additional rules go here that allow access to the gateway)
pass out quick on de0 proto tcp from any to 192.168.102.0/24 keep state
pass out quick on de0 proto udp from any to 192.168.102.0/24 keep state
pass out quick on de0 proto icmp from any to 192.168.102.0/24 keep state

# Allow traffic to go out
pass out quick on tun0 proto tcp from any to any keep state
pass out quick on tun0 proto udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

--- /etc/ipnat.rules

map lo0 192.168.102.0/24 -> 0/32

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message