skangraf
September 15th, 2010, 12:40
Hello
I've problem with PF on FreeBSD 8.0. I have running apache on port 80,443 and ssh on port 22, all services are on interface eth0 (192.168.1.67).When running pf I can't connect to http and ssh. I changed (22,80,443) synproxy state to keep state and I can connect to ssh and http from other computer, but I can't connect from server(192.168.1.67) to http service for example lynx 192.168.1.67 I get error -> "Unable to connect to remote host"
here is my pf.conf:
##################
# makrodefinition
##################
ext_if = "em0"
my = "192.168.1.227/32"
my1 = "192.168.1.81/32"
##################
# Option
##################
set limit frags 30000
set require-order yes
set block-policy drop
set optimization normal
set loginterface em0
##################
# Normalization
##################
scrub in all
scrub out all
##################
# Filtering
##################
# block all
block in all
# pass out
pass out quick on $ext_if inet from ($ext_if) to any keep state
# allow connection in on ext_if port 80 (apache)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 80 flags S/SA keep state
# allow connection in on ext_if port 443 (apache SSL)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 443 flags S/SA keep state
# allow connection in on ext_if port 22 (SSH)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 flags S/SA keep state
# allow ping request from $my, $my1
pass in on $ext_if inet proto icmp from {$my,$my1} to ($ext_if) icmp-type 8 code 0 keep state
# antispoof rule
antispoof for $ext_if
Can someone help me ?
I've problem with PF on FreeBSD 8.0. I have running apache on port 80,443 and ssh on port 22, all services are on interface eth0 (192.168.1.67).When running pf I can't connect to http and ssh. I changed (22,80,443) synproxy state to keep state and I can connect to ssh and http from other computer, but I can't connect from server(192.168.1.67) to http service for example lynx 192.168.1.67 I get error -> "Unable to connect to remote host"
here is my pf.conf:
##################
# makrodefinition
##################
ext_if = "em0"
my = "192.168.1.227/32"
my1 = "192.168.1.81/32"
##################
# Option
##################
set limit frags 30000
set require-order yes
set block-policy drop
set optimization normal
set loginterface em0
##################
# Normalization
##################
scrub in all
scrub out all
##################
# Filtering
##################
# block all
block in all
# pass out
pass out quick on $ext_if inet from ($ext_if) to any keep state
# allow connection in on ext_if port 80 (apache)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 80 flags S/SA keep state
# allow connection in on ext_if port 443 (apache SSL)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 443 flags S/SA keep state
# allow connection in on ext_if port 22 (SSH)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 flags S/SA keep state
# allow ping request from $my, $my1
pass in on $ext_if inet proto icmp from {$my,$my1} to ($ext_if) icmp-type 8 code 0 keep state
# antispoof rule
antispoof for $ext_if
Can someone help me ?