From: Eric Magutu
To: "Michael K. Smith - Adhost"
Cc: freebsd-questions@freebsd.org
Date: Thu, 26 Mar 2009 20:07:59 +0300
Subject: Re: first firewall with pf

Hi Michael,

I was trying to simulate the conditions of the server on a test machine. I'm pretty sure now I didn't take into account all the network aspects, silly mistake :-) It's probably my routing. I will check on my routes tomorrow and get back to you. I think there is only one active interface though.

On Thu, Mar 26, 2009 at 7:33 PM, Michael K. Smith - Adhost <mksmith@adhost.com> wrote:

> Hello Eric:
>
> > Hi everyone,
>
> Can you provide a little more information about your topology? Right now,
> you only have one interface defined in your rules, but you are attempting to
> pass traffic between two subnets. That would suggest you have two
> interfaces and, if so, both need to be accounted for in your rules below.
> You'll have to have pass/block rules for both. It looks like this:
>
> 172.16.0.0/16 -> le0 -> (some other interface) -> 10.0.0.0
>
> Could you tell me if that is correct?
>
> Thanks,
>
> Mike
>
> ----- Original Message Snipped -----
> Thanks for all your input so far. I have tried to implement all your
> suggestions but have gotten stuck. I set up a test machine in the office
> with the ip 10.0.0.110 and encountered the following problems:
>
> when I enabled antispoofing the firewall didn't work
>
> when I tried allowing the 10.0.0.0 subnet it worked ok but when I tried
> connecting from machines on the 172.16 subnet I was unable to connect.
>
> Can you please let me know what I'm doing wrong?
> ----------------------------------------
>

--
Regards,
Eric Magutu