From: "Michael K. Smith"
To: Dánielisz László, Anh Ky Huynh
Cc: freebsd-pf@freebsd.org
Date: Fri, 25 Dec 2009 14:01:05 -0800
Subject: Re: pf vs. afp

You can use the ($int_if) for traffic terminating on the firewall. Any
traffic going through to another host needs to have the destination defined.
Could you include a complete copy (sanitized, of course) of your pf.conf
file? There might be something else at work but it's hard to tell without
the file.

Kind Regards,

Mike

On 12/25/09 8:13 AM, "Dánielisz László" wrote:

> I am using "($int_if)" for ports 22, 80 too and they are working like a charm.
> This is how I defined it in my pf.conf:
> int_if="rl0"
>
> Right now I cannot try it, but when I'm able I'll try your idea and then I
> will let you know how it works.
>
> Thank you!
>
> ________________________________
> From: Anh Ky Huynh
> To: Dánielisz László
> Cc: freebsd-pf@freebsd.org
> Sent: Fri, December 25, 2009 2:06:24 PM
> Subject: Re: pf vs. afp
>
> On Fri, 25 Dec 2009 04:33:03 -0800 (PST)
> Dánielisz László wrote:
>
>> Hello,
>>
>> I've been struggling for a while with how to deal with afp/netatalk
>> passing through my pf rules. If I disable pf everything is working
>> great (but I still do want a firewall on my server). I tried the
>> following rule but it still doesn't let me in:
>>
>> pass in log on $int_if inet proto { tcp, udp } from $localnet to
>> ($int_if) port=548 flags S/SA keep state
>
> I think the problem is "($int_if)". You should use, e.g.,
>
> from $localnet to 192.168.1.123
>
>> When I try a telnet on port 548 I get "Operation timed out"; in
>> pflog I can see that my Mac tries to connect but I have no clue why
>> it can't when the corresponding port is open. Do you have any idea?
>
> Regards,
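
The two cases distinguished in the reply above, written out as a pf.conf fragment. This is an added example, not a ruleset posted by anyone in the thread. Only rl0 and port 548 come from the thread; the $localnet prefix, the second interface em0 and the $afp_host address are constructed placeholders.

```conf
# Macros. rl0 is the interface named in the thread; the rest are assumptions.
int_if   = "rl0"
dmz_if   = "em0"                 # assumed second interface (placeholder)
localnet = "192.168.1.0/24"      # assumed LAN prefix (placeholder)
afp_host = "10.0.0.10"           # assumed AFP server behind dmz_if (placeholder)

# Default deny, logged, so a dropped SYN to port 548 is visible on pflog0.
block in log all

# Case 1: netatalk runs on the firewall itself.
# ($int_if) stands for the addresses currently assigned to rl0 and is
# updated by pf when they change, so it fits traffic that terminates here.
pass in log on $int_if inet proto tcp from $localnet \
    to ($int_if) port 548 flags S/SA keep state

# Case 2: the AFP server is another host reached through the firewall.
# The packet's destination is that host, never the address of rl0, so a
# rule written "to ($int_if)" would not match it. Name the destination.
pass in log on $int_if inet proto tcp from $localnet \
    to $afp_host port 548 flags S/SA keep state

# pf applies the LAST matching rule unless a rule is marked "quick".
# A later "block" that also matches port 548 overrides the pass rules
# above, which is why the complete ruleset is needed to diagnose this.

# Checks to run after editing (commands, not part of pf.conf):
#   pfctl -nf /etc/pf.conf                  parse only, load nothing
#   pfctl -sr                               list loaded rules with macros expanded
#   tcpdump -n -e -ttt -i pflog0 port 548   show the rule and action for each logged packet
```

In the tcpdump output on pflog0, the rule number and the pass or block action printed for the SYN to port 548 identify which rule actually decided the packet.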