From: "Michael K. Smith - Adhost"
To: "Eric Magutu"
Cc: freebsd-questions@freebsd.org
Subject: RE: first firewall with pf
Date: Thu, 26 Mar 2009 09:33:38 -0700

Hello Eric:

Hi everyone,

Can you provide a little more information about your topology? Right now, you only have one interface defined in your rules, but you are attempting to pass traffic between two subnets. That would suggest you have two interfaces and, if so, both need to be accounted for in your rules below. You'll have to have pass/block rules for both. It looks like this:

172.16.0.0/16 -> le0 -> (some other interface) -> 10.0.0.0

Could you tell me if that is correct?

Thanks,

Mike

----- Original Message Snipped -----

Thanks for all your input so far. I have tried to implement all your suggestions but have gotten stuck. I set up a test machine in the office with the IP 10.0.0.110 and encountered the following problems:

When I enabled antispoofing, the firewall didn't work.

When I tried allowing the 10.0.0.0 subnet it worked OK, but when I tried connecting from machines on the 172.16 subnet I was unable to connect.

Can you please let me know what I'm doing wrong?

----------------------------------------
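
An added pf.conf sketch for the two-interface topology drawn in the message above; it is not from the thread or from either poster. It assumes le0 faces 172.16.0.0/16 as in the diagram; the second interface name `em0` and the /24 prefix on 10.0.0.0 are placeholders, since the thread gives neither.

```pf
# Added example: both interfaces accounted for in the ruleset.
if_172  = "le0"             # side facing 172.16.0.0/16, per the diagram
if_10   = "em0"             # hypothetical name for "(some other interface)"
net_172 = "172.16.0.0/16"
net_10  = "10.0.0.0/24"     # prefix length assumed

set skip on lo0

# "antispoof for <if>" expands to:
#   block drop in on ! <if> from <network of if> to any
#   block drop in from <address of if> to any
# A network's traffic is therefore dropped when it arrives on any interface
# other than the one that owns that network, so list every interface here
# and make sure each subnet really sits behind the interface named for it.
antispoof quick for { $if_172, $if_10 }

# Default deny; logging shows which interface and direction dropped a packet
# (read the log with: tcpdump -n -e -ttt -i pflog0).
block log all

# A forwarded connection crosses the firewall twice: in on one interface,
# out on the other. Each crossing needs its own pass rule.
pass in  on $if_172 inet from $net_172 to $net_10 keep state
pass out on $if_10  inet from $net_172 to $net_10 keep state

pass in  on $if_10  inet from $net_10 to $net_172 keep state
pass out on $if_172 inet from $net_10 to $net_172 keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -sr` after loading shows the block rules that `antispoof` expanded to.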