ficsch
September 24th, 2003, 07:26
Hi,

I'm a newbie with pf on OpenBSD...
Can you please give me a hint for my problem:

I have a P1 133 running OpenBSD 3.3.
The box has 3 network devices:
rl0 192.168.0.x
rl1 192.168.0.x
wi0 192.168.1.x
(tun0)

One is connected to DSL.

Why doesn't this work:
(pf.conf: if_ext is tun0)
...
nat-anchor test:blockall
...
block in log on $if_ext from any to any
block out on $if_ext from any to any
pass out on $if_ext proto tcp from tun0 to any port 80
pass out on $if_ext proto udp from tun0 to $dns_server port 53

Then I add a nat-anchor test:blockall:

block out quick all
block in quick all

If I surf now from inside my LAN, it works...
But I think it shouldn't work.
What's wrong?