Date: Sun, 26 Sep 2010 09:34:46 -0400
From: Michael Powell <nightrecon@hotmail.com>
To: freebsd-questions@freebsd.org
Cc: freebsd-hackers@freebsd.org
Subject: Re: pf
Message-ID: <i7ni0m$ids$1@dough.gmane.org>
References: <AANLkTingNA5V4b9UdE_Yotqtuy1RMx190phMzn5UrMdi@mail.gmail.com>
Samuel Martín Moro wrote:
> Hello,
>
> I'm trying to set up pf on my soon-to-be new gateway (8.1-RELEASE amd64).
> I used the sample configuration file available on
> calomel <https://calomel.org/pf_config.html>.
> After a few tests, it appears that the gate has full access to the
> internet, but I can't open connections from clients to distant servers
> (web, ssh, ...).
> Checking the pflog log file, I can't see anything about those timeouts, even
> if I added the log directive in every block/pass command.
> Everything else seems to work: I can talk with my DNS from the internet,
> and ssh redirections to another PC also seem to work.
> I just can't access the Internet from a client of my network...
>
> For debugging, I commented out the options and the 'block all in/out'
> directives.
>
> Here's my config file: http://pastebin.com/Nim2zBCx
>
> Is there someone who understands what I'm doing wrong?

The firewall ruleset is a trifle overly complex for a quick glance; study and analysis would take some doing. However, if you can reach the internet from the firewall box and other client computers behind your NAT can't (which is what it sounds like you're describing), it may be just that you are missing gateway_enable="YES" in your /etc/rc.conf. Turning this "ON" makes your firewall box into a router. The status of this can be checked with:

sysctl net.inet.ip.forwarding

A "0" means no gateway and a "1" means gateway.

-Mike
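The check Mike describes, as an added example that is not part of the thread: a POSIX sh script that reads the boot-time gateway_enable setting from an rc.conf file (honouring sh's last-assignment-wins and rc(8)'s case-insensitive yes/true/on/1 values) and compares it with the live net.inet.ip.forwarding sysctl, so a firewall box whose running state differs from what it will do after the next reboot is caught. The function names and the sample rc.conf are constructed for this example.

```shell
# Added example, not from the thread: check whether a FreeBSD firewall box is a
# gateway both at boot (rc.conf) and in the running kernel. Function names and
# the sample rc.conf are constructed for this example.

# rc_gateway_enabled FILE: print YES or NO for the last uncommented
# gateway_enable= line in FILE. rc.conf is sourced by sh, so the last assignment
# wins and quotes are optional; rc(8) accepts yes/true/on/1 case-insensitively.
rc_gateway_enabled() {
    val=$(grep -E '^[[:space:]]*gateway_enable[[:space:]]*=' "$1" | tail -n 1 \
          | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*#.*$//' \
                -e 's/["'"'"']//g' -e 's/[[:space:]]*$//')
    case $(printf '%s' "$val" | tr 'a-z' 'A-Z') in
        YES|TRUE|ON|1) echo YES ;;
        *)             echo NO ;;
    esac
}

# kernel_forwarding: live net.inet.ip.forwarding (1 = gateway), or "unknown"
# where the sysctl does not exist (e.g. a non-FreeBSD host).
kernel_forwarding() {
    sysctl -n net.inet.ip.forwarding 2>/dev/null || echo unknown
}

# gateway_status FILE: compare the boot-time setting with the live kernel.
# Exit 0 when they agree, 1 on a mismatch (behaviour changes at next reboot),
# 2 when the sysctl is unavailable. Usage: gateway_status /etc/rc.conf
gateway_status() {
    rc=$(rc_gateway_enabled "$1")
    live=$(kernel_forwarding)
    case "$rc:$live" in
        YES:1|NO:0) echo "rc.conf=$rc kernel=$live (consistent)"; return 0 ;;
        *:unknown)  echo "rc.conf=$rc kernel=unknown (sysctl unavailable)"; return 2 ;;
        *)          echo "rc.conf=$rc kernel=$live (MISMATCH)"; return 1 ;;
    esac
}

# sample_rc_conf: write a constructed rc.conf fragment to a temp file and print
# its path: a commented-out YES, an earlier NO, then a quoted YES with a
# trailing comment, so the last-assignment-wins rule is exercised.
sample_rc_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
hostname="gate.example.org"
# gateway_enable="YES"
gateway_enable=NO
pf_enable="YES"
gateway_enable="YES"   # turn the firewall box into a router
EOF
    echo "$f"
}
```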