DragonFly BSD
DragonFly users List (threaded) for 2006-09

Re: Bridging again


From: Gergo Szakal <bastyaelvtars@xxxxxxxxx>
Date: Tue, 26 Sep 2006 22:55:54 +0200

I think I fixed it. Here is the relevant config piece:
-------------------------------------------------------------------------
int_if=sk1
ext_if=sk0
tcp_opts="flags S/SA modulate state"

# omitting previously mentioned config options

# default block policy
block in log all
block out log all

# we just don't give a fuck here:
pass quick on {$int_if,lo0,bridge0} all

######################
# outbound 'filtering'
######################
pass in log quick on $ext_if proto tcp from <intnet> to any keep state
pass in log quick on $ext_if proto udp from <intnet> to any keep state

########################
# inbound ports' opening
########################

# ssh
pass out log quick on $ext_if proto tcp from any to <intnet> port 22 keep state
-------------------------------------------------------------------------


This testconfig works. What were the errors?

- it does not like the merged $tcp_opts somehow
- the directions are reversed somehow; I can recall having the same issues with OpenBSD 3.7. Need to physically (cables) or logically (pf and rc.conf) reverse the directions. :-)


I think both issues are caused by having an outdated pf in DF. I know it's in the works, so please do not consider this as a demanding statement.
Thanks for the hints, guys. Good ol' RTFM helped me, so did 'tcpdump -nettt -i pflog0'.
:-)
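
Added example, not part of the original post: a small Python helper that reads `tcpdump -n -e -i pflog0` output and tallies which direction pf reports on each interface for packets originating inside or outside the internal network, which is the check that exposes a reversed-direction ruleset like the one described above. The log lines are constructed, and the line shape (`rule N/(match) <action> <dir> on <if>: src > dst:`), the 192.168.1.0/24 network, and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed shape of a pflog line printed by tcpdump -e:
#   <timestamp> rule N/(match) <action> <dir> on <if>: <src>[.port] > <dst>[.port]: ...
PFLOG_RE = re.compile(
    r"rule \S+ (?P<action>pass|block) (?P<dir>in|out) on (?P<ifname>\w+): "
    r"(?P<src>\d+(?:\.\d+){3})(?:\.\d+)? > (?P<dst>\d+(?:\.\d+){3})(?:\.\d+)?:"
)

# Constructed sample lines (not captured from a real system).
SAMPLE = [
    "Sep 26 22:40:01.100000 rule 5/(match) pass in on sk0: 192.168.1.10.51234 > 203.0.113.7.80: S 1:1(0) win 65535",
    "Sep 26 22:40:02.200000 rule 6/(match) pass in on sk0: 192.168.1.11.40000 > 203.0.113.9.53: 1+ A? example.org. (29)",
    "Sep 26 22:40:03.300000 rule 7/(match) pass out on sk0: 203.0.113.7.40222 > 192.168.1.10.22: S 5:5(0) win 65535",
    "Sep 26 22:40:04.400000 rule 1/(match) block out on sk0: 203.0.113.50.3333 > 192.168.1.10.445: S 9:9(0) win 8192",
]


def direction_summary(lines, intnet):
    """Count (interface, direction, origin, action) tuples found in pflog lines."""
    net = ipaddress.ip_network(intnet)
    counts = Counter()
    for line in lines:
        m = PFLOG_RE.search(line)
        if not m:
            continue  # not a pflog packet line (header, truncated output, ...)
        inside = ipaddress.ip_address(m["src"]) in net
        origin = "from-inside" if inside else "from-outside"
        counts[(m["ifname"], m["dir"], origin, m["action"])] += 1
    return counts


def directions_seen(counts, ifname, origin):
    """Directions pf reported on one interface for packets of the given origin."""
    return sorted({d for (i, d, o, _a) in counts if i == ifname and o == origin})


if __name__ == "__main__":
    summary = direction_summary(SAMPLE, "192.168.1.0/24")
    for key, n in sorted(summary.items()):
        print(n, *key)
    # "in" for from-inside packets on the external interface means the
    # in/out keywords in the ruleset must be written the other way round.
    print("from-inside on sk0:", directions_seen(summary, "sk0", "from-inside"))
```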



