Hi guys !
Some time lurker here, this forum motivated me to change my router (Ubiquiti) to a Vanilla FreeBSD on a computer that was stored somewhere
Starting to learn PF with some forum threads here and with the PF book often recommended
So actually I have 4 NICs on the computer: 1 WAN, 1 LAN and 2 OPT
After starting to play with nat I have some issues understanding the packet flow with PF
I read on some book named: Building Firewall with OpenBSD and PF that:
Code:
Packets sent from internal hosts to the firewall and destined to external host (I suppose internet)
it will match the IN rule on the interface connecting private network to the firewall (so $int_if)
Same packet will match the OUT rules on the firewall external interface ($ext_if)
So in my configuration, if I do something like:
Code:
ext_if = "em0"
int_if = "em1"
localnet = "em1:network"
nat log on $ext_if inet from $localnet to any -> ($ext_if)
block log all
pass in log on $int_if from $localnet
pass out log on $ext_if from $localnet
It should let my host from LAN network access internet, shouldn't it ?
For some reason it doesn't work and I need to put this rule to make it work:
Code:
pass out log on $ext_if from $ext_if
And I completely don't understand this one
Can some people here help me understand the packet flow in the firewall and why what I wrote doesn't work ?
Thank you guys !
Stay Safe, stay sharp !
Have a good day
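Added example, not part of the original post: a simplified Python model of the two rule sets above, tracing one LAN packet through the inbound filter on em1, the nat rule, and the outbound filter on em0. It relies on the behaviour documented in pf.conf(5) that translation is applied before filtering, so the outbound filter sees the translated source; the addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed addresses; the post does not give any.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")    # stands in for em1:network
EXT_NET = ipaddress.ip_network("203.0.113.10/32")   # stands in for the em0 address
HOST = ipaddress.ip_address("192.168.1.50")         # a LAN client

# Filter rules as (action, direction, interface, source); None matches anything.
ORIGINAL = [
    ("block", None, None, None),        # block log all
    ("pass", "in", "em1", LAN_NET),     # pass in log on $int_if from $localnet
    ("pass", "out", "em0", LAN_NET),    # pass out log on $ext_if from $localnet
]
WORKING = ORIGINAL + [
    ("pass", "out", "em0", EXT_NET),    # pass out log on $ext_if from $ext_if
]

def verdict(rules, direction, iface, src):
    """Evaluate filter rules the pf way: without 'quick', the last match wins."""
    result = "pass"  # pf passes a packet that no rule matches
    for action, r_dir, r_if, r_src in rules:
        if r_dir in (None, direction) and r_if in (None, iface) \
                and (r_src is None or src in r_src):
            result = action
    return result

def translate(iface, src):
    """nat on em0 from LAN_NET to any -> (em0): rewrite the source address."""
    if iface == "em0" and src in LAN_NET:
        return EXT_NET.network_address
    return src

def forward(rules, src):
    """Trace a LAN packet towards the internet as (step, source seen, verdict)."""
    trace = [("in em1", str(src), verdict(rules, "in", "em1", src))]
    if trace[0][2] == "block":
        return trace
    src = translate("em0", src)  # translation happens before the out filter
    trace.append(("out em0", str(src), verdict(rules, "out", "em0", src)))
    return trace

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("working", WORKING)):
        print(name, forward(rules, HOST))
```

In the original rule set the only rule matching the translated packet on em0 is `block log all`, which is why `pass out log on $ext_if from $localnet` never applies there.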