Post 302575170 by John Tate on Sunday 20th of November 2011 08:45:17 PM
OpenBSD pf problems

I am having trouble with this pf configuration: it seems that when it is loaded, nothing can access my server on the internal interface for the LAN. I cannot see why, and it's pretty much based off the very standard example in the OpenBSD FAQ.

When I unload the configuration, I can access the DNS server on the firewall running this configuration. It seems to forward everything through to the Internet, but blocks DNS which makes it pretty useless. I've looked at it at least five times...

Code:
[john@baal ~$ cat /etc/pf.conf
int_if="xl0"
ext_if="tun0"

rothbard="10.0.0.10"
baal="10.0.0.2"
smass="10.0.0.1"

tcp_services="{22}"
icmp_types="echoreq"

set block-policy return
set loginterface $ext_if
set skip on lo

match out on egress inet from !(egress:network) to any nat-to (egress:0)

block in log
pass out quick

antispoof quick for { lo $int_if }

pass in on egress inet proto tcp from any to (egress) \
        port $tcp_services
#After this goes forwarded ports... Probably just use ssh tunnels.

pass in inet proto icmp all icmp-type $icmp_types

What is wrong?

Bonus points if you can tell me how to do this so it only needs to load once, and not be loaded by a shell script after userland pppoe successfully connects.
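As an added illustration (not part of John's post or the OpenBSD FAQ): a small Python model of pf's last-matching-rule evaluation, applied to the posted rules. It shows why a LAN DNS query arriving on xl0 matches `block in log` and nothing later passes it, and that a constructed `pass in on $int_if` rule for port 53 changes the outcome without opening port 53 on the pppoe side. Interface names come from the post; the model deliberately ignores `match`, `antispoof` and state tracking, which do not affect these packets.

```python
"""Model pf's 'last matching rule wins, quick stops' evaluation on a few rules.

Added example, not code from the original post: only the packet fields
needed to explain the posted ruleset are modelled.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    action: str                          # "pass" or "block"
    direction: Optional[str] = None      # "in", "out" or None (either)
    iface: Optional[str] = None          # interface name or None (any)
    proto: Optional[str] = None          # "tcp", "udp", "icmp" or None (any)
    dport: Optional[int] = None          # destination port or None (any)
    quick: bool = False                  # stop evaluation on match


@dataclass
class Packet:
    direction: str
    iface: str
    proto: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """A None field in the rule is a wildcard; anything else must be equal."""
    checks = (("direction", rule.direction), ("iface", rule.iface),
              ("proto", rule.proto), ("dport", rule.dport))
    return all(v is None or v == getattr(pkt, k) for k, v in checks)


def evaluate(rules: List[Rule], pkt: Packet, default: str = "pass") -> str:
    """pf semantics: the last matching rule decides, unless a 'quick' rule matched."""
    decision = default                   # pf passes packets no rule matches
    for r in rules:
        if matches(r, pkt):
            decision = r.action
            if r.quick:
                break
    return decision


INT_IF, EXT_IF = "xl0", "tun0"           # from the post: LAN side, pppoe (egress) side
POSTED = [                               # the posted rules that can match an inbound packet
    Rule("block", direction="in"),                   # block in log
    Rule("pass", direction="out", quick=True),       # pass out quick
    Rule("pass", "in", EXT_IF, "tcp", 22),           # pass in on egress ... port $tcp_services
    Rule("pass", "in", proto="icmp"),                # pass in inet proto icmp ... $icmp_types
]
# Constructed fix: allow the LAN to reach the firewall's resolver on port 53 only on xl0.
FIXED = POSTED + [Rule("pass", "in", INT_IF, "udp", 53), Rule("pass", "in", INT_IF, "tcp", 53)]
DNS_QUERY = Packet("in", INT_IF, "udp", 53)      # constructed: LAN host -> baal:53
```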
FIREWALLD.CONF(5)                      firewalld.conf                      FIREWALLD.CONF(5)

NAME
       firewalld.conf - firewalld configuration file

SYNOPSIS
       /etc/firewalld/firewalld.conf

DESCRIPTION
       firewalld.conf is loaded by firewalld during the initialization process. The file
       contains the basic configuration options for firewalld.

OPTIONS
       These are the options that can be set in the config file:

       DefaultZone
              This sets the default zone for connections or interfaces if the zone is not
              selected or specified by NetworkManager, initscripts or command line tool.
              The default zone is public.

       MinimalMark
              For some firewall settings several rules are needed in different tables to
              be able to handle packets in the correct way. To achieve that these packets
              are marked using the MARK target of iptables(8) and ip6tables(8). With the
              MinimalMark option a block of marks can be reserved for private use; only
              marks over this value are used. The default MinimalMark value is 100.

       CleanupOnExit
              If firewalld stops, it cleans up all firewall rules. Setting this option to
              no or false leaves the current firewall rules untouched. The default value
              is yes or true.

       Lockdown
              If this option is enabled, firewall changes with the D-Bus interface will be
              limited to applications that are listed in the lockdown whitelist (see
              firewalld.lockdownwhitelist(5)). The default value is no or false.

SEE ALSO
       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
       firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5),
       firewalld.service(5), firewalld.zone(5), firewalld.zones(5)

NOTES
       firewalld home page at fedorahosted.org: http://fedorahosted.org/firewalld/
       More documentation with examples: http://fedoraproject.org/wiki/FirewallD

AUTHORS
       Thomas Woerner <twoerner@redhat.com>
              Developer

       Jiri Popelka <jpopelka@redhat.com>
              Developer

firewalld 0.3.9                                                            FIREWALLD.CONF(5)