Date: Thu, 5 Mar 2020 09:50:24 +0000
From: kaycee gb <kisscoolandthegangbang@hotmail.fr>
To: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject: Re: Communication between routing domains and nat
Message-ID: <VE1PR03MB56298AEBEAB8EDC6DAB82B56A0E20@VE1PR03MB5629.eurprd03.prod.outlook.com>
In-Reply-To: <VE1PR03MB562931A6CA1034C2C604288FA0E20@VE1PR03MB5629.eurprd03.prod.outlook.com>
References: <VE1PR03MB562931A6CA1034C2C604288FA0E20@VE1PR03MB5629.eurprd03.prod.outlook.com>
Here is my pf.conf. I tried to slim it down as much as possible and at the same time preserve important information, in my opinion. I can reproduce what I said before with those lines.

table <reserved> { $private_nets }
table <xcast> { $bcast_nets, $ext_if:broadcast }
table <sshguard> persist
table <torenodes> persist

nat on $ext_if inet from $j2 to any port 53 -> ( $ext_if )

pass quick on lo0 from 127.0.0.1 to 127.0.0.1
pass quick on lo0 from $j2 to $j2 rtable 2
block log quick on lo0

block log quick on jsw1

pass out log quick on jsw2 proto udp from $j2 to $service1 port 53 rtable 0
pass out log quick on jsw2 proto udp from $j2 to $service1ext port 53 rtable 0
block log quick on jsw2

pass in quick on tun0 proto udp from $tun0net to $vcns port 53 rtable 0
pass quick on { tun0, tun1 } proto gre
block log quick on tun0
block log quick on tun1

pass in quick on gre0 proto ospf from { $gre0vc, $gre0rsn }
pass in quick on gre1 proto ospf from { $gre1vc, $gre1rsn }
pass out quick on gre0 proto ospf from { $gre0vc, $gre0rsn }
pass out quick on gre1 proto ospf from { $gre1vc, $gre1rsn }
pass in quick on { gre0, gre1 } proto udp from $service1 to $vcns port 53 rtable 0
pass in quick on { gre0, gre1 } proto udp from $rsnnet2 to $vcns port 53 rtable 0
pass in quick on { gre0, gre1 } proto tcp from $service1 to $vcns port 53 rtable 0
pass in quick on { gre0, gre1 } proto tcp from $rsnnet2 to $vcns port 53 rtable 0
pass in quick on { gre0, gre1 } proto tcp from { $rsnnet1, $rsnnet2 } to $vcsrv port 22
pass quick on { gre0, gre1 } proto gre
block log quick on gre0
block log quick on gre1
block log quick on gre2

block in quick on $ext_if from <sshguard>
block in quick on $ext_if from <reserved>
block in quick on $ext_if to <xcast>
block in quick on $ext_if proto tcp from <torenodes> to $ext_ip port 22
pass in quick on $ext_if proto tcp from any to $ext_ip port 22
block in log quick on $ext_if to $ext_ip
pass out quick on $ext_if from $ext_ip
block out log quick on $ext_if from ! $ext_ip

block log quick

Maybe someone would see something I can't see myself.

kaycee,