pf.conf
This is a discussion on pf.conf within the comp.unix.bsd.openbsd.misc forums, part of the OpenBSD category; --> Sorry guys......DOH! # Variable declarations INT="rl1" EXT="rl0" LAN="192.168.0.0/24" BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }" scrub in all nat on ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-16-2008, 05:17 AM
| |||
| |||
 Re: pf.conf robin wrote: > Sorry guys......DOH! > > # Variable declarations > > INT="rl1" > EXT="rl0" > LAN="192.168.0.0/24" > > BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }" > > scrub in all > > nat on $INT from $LAN to any -> 195.80.23.146 > > pass in all > pass out all > Try changing nat on $INT from $LAN to any -> 195.80.23.146 to: nat on $INT from $LAN to any -> $EXT -- Kris Kielhofner      |
|
02-16-2008, 05:17 AM
| |||
| |||
| Re: pf.conf Hi, Thanks for the help. ok did that but Still the same systax error. Bummer!! "Kris Kielhofner" <klists@wisvis.com> wrote in message news:1RGMa.164755$Xl.2665848@twister.rdc-kc.rr.com... > robin wrote: > > Sorry guys......DOH! > > > > # Variable declarations > > > > INT="rl1" > > EXT="rl0" > > LAN="192.168.0.0/24" > > > > BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }" > > > > scrub in all > > > > nat on $INT from $LAN to any -> 195.80.23.146 > > > > pass in all > > pass out all > > > > Try changing > > nat on $INT from $LAN to any -> 195.80.23.146 > > to: > > nat on $INT from $LAN to any -> $EXT > > -- > Kris Kielhofner > |
|
02-16-2008, 05:17 AM
| |||
| |||
| Re: pf.conf > The "nat" line should be above the "scrub" rule, or you deactivate the order > enforcing (-> man pf.conf). > > HTH Konfu > Have you read man pf.conf? --- Macros Tables Options Traffic Normalization (e.g. scrub) Queueing Translation (Various forms of NAT) Packet Filtering With the exception of macros and tables, the types of statements should be grouped and appear in pf.conf in the order shown above, as this match- es the operation of the underlying packet filtering engine. --- |
|
02-16-2008, 05:17 AM
| |||
| |||
| Re: pf.conf On Wed, 2 Jul 2003 20:46:32 +0100, robin wrote: > BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }" If you look at this line long and hard, you'll spot the mistake (superfluous period after the second zero in 192.168.0.0./16). How we should find this on line 9 of what you posted is beyond me, you probably posted something else than you tried to load... Daniel |
|
02-16-2008, 05:17 AM
| |||
| |||
| Re: pf.conf "robin" <robin@interalpha.co.uk> wrote in message news:fJicnaW2vaoKq56iXTWJkA@tcp.co.uk... > Sorry guys......DOH! > > # Variable declarations > > INT="rl1" > EXT="rl0" > LAN="192.168.0.0/24" > > BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }" > > scrub in all > > nat on $INT from $LAN to any -> 195.80.23.146 > > pass in all > pass out all > > > > > Hi group Once i put the external ip in speech marks (nat on $INT from $LAN to any -> 195.80.23.146) the conf load without any hitch at all. but i still cant get nat working at all. So back to the books thanks for all the advice |
|
02-16-2008, 05:17 AM
| |||
| |||
| Re: pf.conf > Once i put the external ip in speech marks (nat on $INT from $LAN to any -> > 195.80.23.146) the conf load without any hitch at all. but i still cant get > nat working at all. > > So back to the books thanks for all the advice > > try to put spaces around IP like " 195.80.23.146 " I have this address = "( tun0 )" nat on tun0 from 192.168.2.0/24 to any -> $address working ok |
|
02-16-2008, 05:18 AM
| ||||
| ||||
| Re: pf.conf "robin" <robin@interalpha.co.uk> wrote in message news:<fJicnaW2vaoKq56iXTWJkA@tcp.co.uk>... > BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }" > If I start my pf.conf with block in log all block out log all do I still need to block 127.0.0.1/8 etc. away? thx -- ia |
Linear Mode
