pf not working properly even with only "pass in all" and "pass out all" rules
Post 45587 by xyyz on Wednesday 24th of December 2003 07:20:10 PM

i have two rules in my pf.conf file, "pass in all" and "pass out all"

i was having issues with getting pf working to begin with, so i went with
starting from nothing and working on up.

i have an ultrasparc ultra1 200e, with an added 4-port fast ethernet sbus
card, running "3.4 GENERIC#85 sparc64"

i have my access server on one and my workstation on two separate ports that
are different networks.

i can ping the access server from my workstation and my OBSD box, however, i
can't telnet to the access server from my workstation. i can telnet to the
access server through the OBSD box.

my pf.conf is as follows:

Code:
###################################
# $OpenBSD: pf.conf 11/9/2003
###################################

#####################################
### macros
#####################################

### IP addresses
ext_ip = "10.10.110.2"                          # external interface ip address
int_ip = "192.168.110.253"                      # internal interface ip address
pub_ip = "172.16.210.1"                         # public servers interface ip address
pvt_ip = "192.168.210.1"                        # private servers interface ip address
pod_ip = "172.16.110.1"                         # cisco router pod interface ip address

### physical interfaces
int_if = "hme0"                                 # internal interface
pvt_srv_if = "hme1"                             # private server interface
pub_svr_if = "hme2"                             # public server interface
cisco_pod_if = "hme3"                           # router lab interface
ext_if = "hme4"                                 # external interface
all_if = "{ hme0, hme1, hme2, hme3, hme4}"      # all interfaces

### networks
int_net = "192.168.110.240/28"                  # internal LAN
ext_net = "10.10.110.0/30"                      # external LAN
pvt_net = "192.168.210.0/30"                    # private server network
pub_net = "172.16.210.0/30"                     # public server network
pod_net = "172.16.110.0/30"                     # cisco router pod network

### servers
web_server = "172.16.210.2"                     # webserver
PDC = "192.168.210.2"                           # primary domain server
router = "10.10.110.1"                          # router
access_server = "172.16.110.2"                  # cisco pod access server
print_server = "192.168.100.251"                # print server
proxy_server = " 192.168.100.248"               # proxy server

### internal network hosts
venus = "192.168.110.242"                       # ami's system
saturn = "192.168.110.243"                      # my system
mercury = "192.168.110.249"                     # laptop
uranus = "192.168.110.248"                      # backup server
neptune = "192.168.110.253"                     # OpenBSD
hosts = "{" $venus $saturn $mercury $uranus "}"

### Private addresses
spoof_ips= "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"  # private addresses

### Services
www = "{ 80, 443}"                              # http/https

##################################################################
### Options: tune the behavior of pf
##################################################################

### Sets the interface for which PF should gather statistics such as bytes in/out and packets passed/blocked
### Optimize PF for one of the following network environments
### packet is silently dropped

# default options
#set require-order yes
#set optimization normal
#set block-policy drop
#set fingerprints "/etc/pf.os"
set loginterface hme4

##########################
###Packet Filtering Table
##########################

### Clean up fragmented packets and abnormal packets
scrub in all fragment reassemble

### redirect/nat rules
nat on $ext_if from any to any -> $ext_ip

###
### traffic rules ###
###

pass in all
pass out all

i'd appreciate any and all help

added code tags for readability --oombera

Last edited by oombera; 02-21-2004 at 02:37 AM..
 
