OpenBSD 4.0 pf scenario and question


Network: OpenBSD gateway with 2 NICs:
xl0 connected to cable modem (dhclient)
fxp0 connected to hub (dhcpd and bind)

Computers connected to hub:
computer1 - 192.168.100.2
computer2 - 192.168.100.3

Objectives I am having trouble with:

1) Allow some traffic from computer1 to internet (port 80)
2) Disallow some traffic from computer1 to internet (the rest)
3) Allow all traffic from computer2 to internet
4) Allow some traffic into bsd box (port 80)
5) Forward packets from internet to computer2 ports (6000, 50000, 50001)

My guesses:

1) pass out quick from $computer1 port 80

2) block out all

3) pass out quick from $computer2

4) bsd_allowed = "{ 80 }"
pass in quick on $ext_if inet from any to $ext_if port $bsd_allowed

5) forwarded_cpu = "{ 6000, 50000, 50001 }"
rdr on $ext_if from any to $ext_if port $forwarded_cpu -> $computer2

Boardstretcher

Need to change the order of appearance somewhat. Of course, you do have the NAT rule(s) in place, I assume.

# 5:
rdr on $ext_if proto tcp from any to any port 6000 -> $computer2
rdr on $ext_if proto tcp from any to any port 50000 -> $computer2
rdr on $ext_if proto tcp from any to any port 50001 -> $computer2

# 2:
block out on $ext_if all
pass quick on $int_if    # only filter on $ext_if

# 1:
pass out quick on $ext_if proto tcp from $computer1 to any port 80 \
    keep state
pass out quick on $ext_if proto udp from $computer1 to any port 53 \
    keep state

# 3:
pass out quick on $ext_if proto tcp from $computer2 to any keep state
pass out quick on $ext_if proto udp from $computer2 to any keep state
pass out quick on $ext_if proto icmp from $computer2 to any keep state

# 4: keep state so the gateway's own replies get past "block out on $ext_if all"
pass in quick on $ext_if proto tcp from any to $ext_if port 80 keep state

Eirik Seim
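The reply's rules assembled into one complete /etc/pf.conf for the OpenBSD 4.0 gateway in this thread, as an added example rather than code from either poster. Interface names, hosts and ports are taken from the original post; the NAT rule, set skip/scrub, the explicit inbound default block and the pass for the gateway's own outbound traffic are assumptions added here.

```pf
# Added example: complete pf.conf for the gateway described in the thread.
# Interfaces and addresses are from the original post; everything marked
# "assumed" is not in the thread.
ext_if = "xl0"                    # cable modem, address via dhclient
int_if = "fxp0"                   # LAN hub (dhcpd, bind)
computer1 = "192.168.100.2"
computer2 = "192.168.100.3"
bsd_allowed = "{ 80 }"            # services offered by the gateway itself
forwarded_cpu = "{ 6000, 50000, 50001 }"   # ports redirected to computer2

set skip on lo0                   # assumed: never filter loopback
scrub in all                      # assumed: normalise incoming packets

# Translation rules must come before filter rules. ($ext_if) makes pf
# track the DHCP-assigned address instead of fixing it at load time.
nat on $ext_if from $int_if:network to any -> ($ext_if)      # assumed NAT rule
rdr on $ext_if proto tcp from any to ($ext_if) port $forwarded_cpu -> $computer2

# Default deny on the external interface in both directions (the inbound
# block is assumed); the LAN side stays unfiltered as in the reply.
# On 4.0 "keep state" is not implicit, so every pass rule that must see
# reply packets carries it. "quick" stops evaluation at the first match.
block in on $ext_if all
block out on $ext_if all
pass quick on $int_if all

# 1 and 2: computer1 gets only web and DNS; "block out" above catches the rest
pass out quick on $ext_if proto tcp from $computer1 to any port 80 keep state
pass out quick on $ext_if proto udp from $computer1 to any port 53 keep state

# 3: computer2 may reach anything
pass out quick on $ext_if proto { tcp, udp, icmp } from $computer2 to any keep state

# Assumed: the gateway's own outbound traffic (e.g. bind's upstream queries);
# tighten to "port 53" if the box runs nothing else that talks out
pass out quick on $ext_if proto { tcp, udp, icmp } from ($ext_if) to any keep state

# 4: services on the gateway itself; state is created on the SYN only
pass in quick on $ext_if proto tcp from any to ($ext_if) port $bsd_allowed \
    flags S/SA keep state

# 5: let the connections the rdr rule rewrote reach computer2
pass in quick on $ext_if proto tcp from any to $computer2 port $forwarded_cpu \
    flags S/SA keep state
```

Check it with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `pfctl -sr` and `pfctl -sn` then show the filter and translation rules in the order pf will evaluate them.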
