Date: Fri, 09 Jun 2006 12:40:31 +0200
From: Erik Norgaard <norgaard@locolomo.org>
To: Pat Maddox <pergesu@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Need some help with PF rule letting two machines access each other
Message-ID: <4489501F.7070501@locolomo.org>
In-Reply-To: <810a540e0606082221n488bf220q3846d9c79b47e1ad@mail.gmail.com>
Pat Maddox wrote:
> 12.34.56.78 runs a server on port 1234
> 87.65.43.21 should connect to this
>
> Both of them have PF rulesets that block off most traffic, keeping
> open the publicly available ports I need open. In this case though,
> any traffic over this port should only be between these two machines.
> I've tried to set this up, but I keep getting operation not permitted,
> connection refused, and connection reset by peer errors. Thanks for
> any info.

It's quite difficult to tell which rule catches your packets without the ruleset. Try this:

1) Add "log" to all block rules
2) Check you have keep state in pass rules
3) Check you have quick in your pass rules

If you have a default block policy, then you should generally have quick in pass rules or you might have packets marked for passing being caught later by a block rule. I generally prefer having the default policy at top without quick, and then set quick on rules taking an explicit action.

Cheers, Erik
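A ruleset laid out the way Erik describes, as an added example that is not from the thread: default block with log at the top and without quick, pass rules with quick and keep state, and port 1234 admitted only between the two addresses from Pat's mail. The interface name em0, the choice of TCP, and ports 22/80 standing in for the "publicly available ports" are assumptions.

```pf
# Added example (not from the thread): pf.conf for the server, 12.34.56.78.
# Assumptions: external interface em0, TCP on port 1234, and 22/80 as the
# public ports; only the two addresses and port 1234 come from Pat's mail.
ext_if = "em0"
me     = "12.34.56.78"
peer   = "87.65.43.21"
svc    = "1234"

# Default policy first and without quick, so it only applies when no later
# rule matches. "log" copies every dropped packet to pflog0:
#   tcpdump -n -e -ttt -i pflog0
# prints the number of the rule that dropped it; "pfctl -vvsr" lists the
# loaded rules with those numbers (@0, @1, ...).
block log all

# Public services: "quick" ends evaluation on a match, so a block rule
# further down can no longer catch a packet this rule has passed.
pass in quick on $ext_if proto tcp to $me port { 22, 80 } keep state

# Port 1234: only from the peer. Any other source falls through to the
# default block and turns up in pflog0 with the address that tried.
pass in quick on $ext_if proto tcp from $peer to $me port $svc keep state

# Connections this host opens; "keep state" lets the replies back in
# without a separate pass in rule.
pass out quick on $ext_if keep state

# --- Client side, 87.65.43.21 (same default block and pflog setup) ---
# The client needs no "pass in" for port 1234: the state created by this
# outgoing rule admits the server's replies. Without a matching pass out
# the connect() itself fails locally, which is what the client sees as
# "operation not permitted".
#   pass out quick on $ext_if proto tcp from $me to $peer port $svc keep state
#
# Parse without loading, then load:
#   pfctl -nf /etc/pf.conf && pfctl -f /etc/pf.conf
```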
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4489501F.7070501>
