datamike
August 23rd, 2002, 17:12
Hi everyone. Here is my problem. I have OpenBSD 3.1 running as a bridge. Two NICs with no IP addresses. I took the basic idea from the write-up on this site.
My bridge is up and I can forward just fine. If I put pass all in my pf.conf I can get through it, so I know it is working, but I have something wrong with my ruleset.
ext_if= "sis0"
int_if= "sis1"
pass in quick on $ext_if
pass out quick on $ext_if
#filter on internal nic
block in log on $int_if all
pass out on $int_if proto udp all keep state
pass out on $int_if proto tcp all modulate state
pass out on $int_if inet proto icmp all icmp-type 8 code 0 keep state
I don't really get the last one either. I can't get out to the web, mail server, or anything.
This is a home network so I don't host any HTTP, FTP, or mail coming in. I only need access out and nothing in for now. I want it as simple as I can get it for now and then as I learn more I will make it more complex. Can anyone see what is wrong, or tell me what I should add or take out? Thanks in advance.