pf.conf help

Good day to everyone!

I have to sort through a pf.conf file and put the required information into a spreadsheet so that others may pick it apart and set up new firewalls based on this config. However, I am having issues reading some of these rules, so a little help would be nice.

Code:
pf0
pass out quick on $tw_ext_if route-to ($hs_ext_if $hs_gateway) from <hs_drones_ext> to any queue hsmail

Code:
pf1
pass out quick on $hs_ext_if route-to ($tw_ext_if $tw_gateway) from <tw_drones_ext> to any queue twmail

Also, I am a little lost on the nat stuff. I presume this is considered a static NAT?
Code:
pf2
rdr on {$hs_ext_if} proto tcp from any to {$hs_drone1_ext} port 25 -> {$hs_drone1_int}
nat on {$tw_ext_if} proto tcp from {$hs_drone1_int} to any -> {$hs_drone1_ext}

Finally, here is another one that really gets me.

Code:
pf3
rdr on {$hs_ext_if} proto tcp from {$hosted_dns} to {$ns1_ext} port { 53 } -> {$admin2_int}
rdr on {$int_ifs} proto udp from <int_net> to {$ns1_ext} port 53 -> $admin2_int
nat on {$int_ifs} proto udp from <int_net> to $admin2_int port 53 -> $router_int

Let me know if you need pseudo IP addresses to work with this.

Thank you
 
I know this is a FreeBSD forum, but this is running on OpenBSD 4.4; there doesn't seem to be much help on the OpenBSD side of things in regards to this.
 
Let me see :e

  • pf0: all traffic from hosts in the table hs_drones_ext is routed to $hs_gateway using $hs_ext_if. It's also shoved in a queue called hsmail. That's probably being used for ALTQ to prioritize.
  • pf1: The same deal but for tw_drones_ext to $hs_gateway.
  • pf2: Static NAT indeed, and an incoming redirection (port forwarding) to port 25. Probably to receive mail from outside.
  • pf3: What a mess :O
 
Thanks for the reply, but for pf1, shouldn't it be tw_drones go to tw_gateway?

I know this is a dumb question, but what does

Code:
pf5
pass out quick on tw_ext_if
mean?

I understand "quick" and what it does, and I am presuming that pass out means to PERMIT traffic OUTBOUND on the TW_EXT_IF... however, if you notice, on PF0 I have tw_ext_if and a hs_gateway (two different providers and two different subnets).

This entire thing is one big mess and thank you for all the help you can give for free.

Thanks
 
Re post-formatting: your command lines are confusing. Please note that the [FILE] tags should not be used the way you use them. Also they're single-line, single-command tags. http://forums.freebsd.org/showthread.php?t=8816

You may be looking for the [code] tag here. I substituted those.
 
rmparten said:
Thanks for the reply, but for pf1, shouldn't it be tw_drones go to tw_gateway?
Yes, you are correct, I made a mistake.

I know this is a dumb question, but what does

Code:
pf5
pass out quick on tw_ext_if
mean?
It's the same as
Code:
pass out quick on $tw_ext_if from any to any
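One way to turn rules like these into the spreadsheet rows the opening post asks for, added here as an example (not code from anyone in the thread): it tokenizes the pass/rdr/nat rules quoted above, unwraps `{$x}` / `{ 53 }` lists and `route-to ($if $gw)` pairs, and fills in pf's implicit `from any to any`, so `pass out quick on $tw_ext_if` comes out identical to the expanded form in the last reply. It only handles the rule shapes shown on this page, and macros such as `$hs_ext_if` are left unexpanded.

```python
"""Flatten pf.conf rules of the shapes quoted in this thread into spreadsheet
rows. Added example, not code from the original thread."""
import csv
import io
import re

# Spreadsheet columns, one row per rule.
FIELDS = ["action", "dir", "quick", "on", "proto", "route_if", "route_gw",
          "src", "dst", "port", "translate_to", "queue"]
# Keywords that take exactly one argument, mapped to their column.
ONE_ARG = {"on": "on", "proto": "proto", "from": "src", "to": "dst",
           "port": "port", "queue": "queue", "->": "translate_to"}

def parse_rule(line):
    """Parse one pass/block/rdr/nat rule into a dict keyed by FIELDS."""
    # "{ $x }" and "{ 53 }" are one-element lists: unwrap them.
    line = re.sub(r"\{\s*(\S+)\s*\}", r"\1", line)
    # "route-to ($if $gw)": drop the parens so the pair becomes two tokens.
    line = re.sub(r"\(\s*(\S+)\s+(\S+)\s*\)", r"\1 \2", line)
    toks = line.split()
    row = dict.fromkeys(FIELDS, "")
    row["action"] = toks[0]
    it = iter(toks[1:])
    for t in it:
        if t in ("in", "out"):
            row["dir"] = t
        elif t == "quick":
            row["quick"] = "yes"
        elif t == "route-to":
            # Policy routing: send matching packets out route_if to route_gw.
            row["route_if"], row["route_gw"] = next(it), next(it)
        elif t in ONE_ARG:
            row[ONE_ARG[t]] = next(it)
    # pf reads an omitted "from"/"to" as "from any to any", which is why
    # "pass out quick on $tw_ext_if" equals the expanded form in the thread.
    row["src"] = row["src"] or "any"
    row["dst"] = row["dst"] or "any"
    return row

def rules_to_csv(lines):
    """Return CSV text: a header plus one row per non-empty, non-comment line."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for raw in lines:
        rule = raw.split("#", 1)[0].strip()
        if rule:
            writer.writerow(parse_rule(rule))
    return buf.getvalue()
```

Feed it the rule lines of the pf.conf (for example `rules_to_csv(open("pf.conf"))`) and paste the output into the spreadsheet; table and macro definitions still need to be copied by hand.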
 