Date: Wed, 20 Jun 2012 23:57:10 +0800 From: ProAce <proace@gmail.com> To: Erik Osterholm <erik@barragry.com> Cc: freebsd-questions@freebsd.org Subject: Re: packet filter problem on transparent firewall using bridge and pf Message-ID: <CAL0-vtuZGCAHsxPut29%2BcEA5NTS9_oNJo76hPF-DxgTE3PK38g@mail.gmail.com> In-Reply-To: <CAC9giQaDuiBPsNSPvdsZeUK2EizC-J7QcN7wyYmhL__ngKoWfg@mail.gmail.com> References: <CAL0-vtvJ6Q5-OTZrvcFSggNbo7ouzeyYUQODF7ktstTSq3o3XQ@mail.gmail.com> <CAC9giQaDuiBPsNSPvdsZeUK2EizC-J7QcN7wyYmhL__ngKoWfg@mail.gmail.com>
2012/6/20 Erik Osterholm <erik@barragry.com>:
>
> Try adding logging to the rules, enable pflog, and see which rule is blocking.
>
> Erik

hmm.... I discovered some things from the log. Even if the packet hits a rule (pass in quick on bridge0 ....), the packet is still blocked by the block out rule (block out on bridge0). So, I changed some configuration.

1. bind the FreeBSD IP (10.1.1.1) on em0
2. change some pf rules (please see below)

pf.conf

my_net=10.1.1.0/24
serv1="10.1.1.101"
client1="10.1.6.73"

# do not filter on loopback or on the bridge interface itself;
# all filtering happens on the member interfaces em0 and em1
set skip on lo0
set skip on bridge0

# default deny in both directions
block in all
block out all

# quick: first matching rule wins, later block rules are not consulted
pass in log quick on em0 from $my_net to $my_net
pass out log quick on em1 from $my_net to $my_net
pass in log quick on em1 from $my_net to any
pass out log quick on em0 from $my_net to any
pass in log quick on em0 from $client1 to $serv1
pass out log quick on em1 from $client1 to $serv1

It works now! :)
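The behaviour described in this message (a packet that matches "pass in quick on bridge0" is still dropped by "block out on bridge0") follows from pf evaluating the in and out directions separately on every interface the bridged packet crosses. The following simulator is an added illustration, not code from the thread or from pf: it applies pf's last-match / quick semantics to the ruleset above across a list of (interface, direction) hops. The hop lists are assumptions: with net.link.bridge.pfil_member=0 the packet is only seen on bridge0 in and out; with pfil_member=1 and pfil_bridge=1 it is seen on the ingress member, bridge0 (in, out) and the egress member. The "old" ruleset is constructed from the description in the message; state tracking, protocols and ports are ignored.

```python
"""Toy pf rule evaluator for a bridged packet (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str            # "pass" or "block"
    direction: str         # "in" or "out"
    iface: Optional[str]   # None means no "on <iface>" clause (matches any)
    src: str               # CIDR, host address or "any"
    dst: str
    quick: bool = False


def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(rules, iface, direction, src, dst) -> str:
    """pf semantics: the last matching rule wins, unless a matching rule is
    marked quick, which stops evaluation at once. No match means pass."""
    verdict = "pass"
    for r in rules:
        if r.direction != direction:
            continue
        if r.iface is not None and r.iface != iface:
            continue
        if not (_addr_matches(r.src, src) and _addr_matches(r.dst, dst)):
            continue
        verdict = r.action
        if r.quick:
            break
    return verdict


def bridged_verdict(rules, skip, hops, src, dst):
    """Run the packet through every (iface, direction) hop. Interfaces in
    `skip` model 'set skip on <iface>'. Returns ("pass", None, None) or
    ("block", iface, direction) for the first hop that drops the packet."""
    for iface, direction in hops:
        if iface in skip:
            continue
        if evaluate(rules, iface, direction, src, dst) == "block":
            return ("block", iface, direction)
    return ("pass", None, None)


MY_NET = "10.1.1.0/24"
SERV1 = "10.1.1.101"
CLIENT1 = "10.1.6.73"

# Constructed "before" ruleset, following the message: a quick pass-in on
# bridge0, but block-out still applies to the out direction on bridge0.
OLD_RULES = [
    Rule("block", "in", None, "any", "any"),
    Rule("block", "out", None, "any", "any"),
    Rule("pass", "in", "bridge0", MY_NET, MY_NET, quick=True),
]
OLD_HOPS = [("bridge0", "in"), ("bridge0", "out")]        # assumed: pfil_member=0

# The ruleset posted in the message (set skip on bridge0 modelled via `skip`).
NEW_RULES = [
    Rule("block", "in", None, "any", "any"),
    Rule("block", "out", None, "any", "any"),
    Rule("pass", "in", "em0", MY_NET, MY_NET, quick=True),
    Rule("pass", "out", "em1", MY_NET, MY_NET, quick=True),
    Rule("pass", "in", "em1", MY_NET, "any", quick=True),
    Rule("pass", "out", "em0", MY_NET, "any", quick=True),
    Rule("pass", "in", "em0", CLIENT1, SERV1, quick=True),
    Rule("pass", "out", "em1", CLIENT1, SERV1, quick=True),
]
# assumed: pfil_member=1 and pfil_bridge=1, client side on em0, server on em1
NEW_HOPS = [("em0", "in"), ("bridge0", "in"), ("bridge0", "out"), ("em1", "out")]


def old_config_result():
    return bridged_verdict(OLD_RULES, set(), OLD_HOPS, "10.1.1.50", SERV1)


def new_config_result(src=CLIENT1, dst=SERV1, skip=frozenset({"bridge0"})):
    return bridged_verdict(NEW_RULES, skip, NEW_HOPS, src, dst)


if __name__ == "__main__":
    print("old:", old_config_result())                    # blocked on bridge0 out
    print("new:", new_config_result())                    # passes
    print("new, no skip:", new_config_result(skip=set())) # blocked on bridge0 in
```

Running it shows the three cases a practitioner wants to check: the old layout is dropped at bridge0 in the out direction even though the in direction matched a quick pass; the posted ruleset passes client1 to serv1 on em0/em1; and the same ruleset without "set skip on bridge0" is dropped again on bridge0, because no pass rule names that interface. The return path serv1 to client1 is covered by the "from $my_net to any" pair; in real pf the state created by the first pass rule would carry it anyway.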