Greetings all,
I have wireless and wired devices on a LAN configured with sub-net 192.168.0.0/24. A snippet of pf.conf of the wired device:
shows that I am blocking all non-routable private addresses on the external interface, with the intent that since the devices are on the same LAN, the switching among them will happen on layer 2, thus layer 3 (the IP address) will not be implicated and the packets will not be blocked by the nonroute rule. At the same time I allow echorequest for testing purposes.
Code:
. . .
nonroute = "{ 0.0.0.0/8, 20.20.20.0/24, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.0.2.0/24, 192.168.0.0/16, 224.0.0.0/3, 255.255.255.255 }"
. . .
# Drop packets from non-routable addresses immediately
block drop in quick on $ext_if from $nonroute to any
. . .
# Allow ICMP
pass in quick on $ext_if inet proto icmp to ($ext_if) icmp-type 8 code 0 keep state
. . .
However, the echorequest has been failing and I have determined, by commenting out the nonroute rule, that the packets from the wireless device are blocked by the nonroute rule. So thinking about the issue, it may be my networking ignorance and not pf.conf mis-configuration.
Since the searches do not return anything useful, any advice or reference would be appreciated.
Kindest regards,
M
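Added example, not part of the original post: a simplified Python model of the two posted rules. pf matches on the IP header of every packet arriving on `$ext_if`, so a ping switched at layer 2 from the same LAN still carries a 192.168.0.x source address and hits the `quick` block first. The host addresses and the LAN-scoped `pass_lan_echo` rule are assumptions made for illustration.

```python
import ipaddress

# nonroute macro exactly as posted on the page
NONROUTE = ["0.0.0.0/8", "20.20.20.0/24", "127.0.0.0/8", "169.254.0.0/16",
            "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "224.0.0.0/3",
            "255.255.255.255"]
LAN = "192.168.0.0/24"          # subnet stated in the post
EXT_IF_ADDR = "192.168.0.10"    # constructed address for the wired host

def in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def block_nonroute(pkt):
    # block drop in quick on $ext_if from $nonroute to any
    return in_any(pkt["src"], NONROUTE)

def pass_echo(pkt):
    # pass in quick on $ext_if inet proto icmp to ($ext_if) icmp-type 8 code 0
    return (pkt["proto"] == "icmp" and pkt["dst"] == EXT_IF_ADDR
            and pkt["icmp_type"] == 8 and pkt["icmp_code"] == 0)

def pass_lan_echo(pkt):
    # hypothetical variant of the pass rule, limited to sources on the LAN
    return pass_echo(pkt) and in_any(pkt["src"], [LAN])

def evaluate(ruleset, pkt):
    """Every rule here is 'quick', so the first match decides the verdict."""
    for action, matches in ruleset:
        if matches(pkt):
            return action
    return "pass"  # pf's implicit default when no rule matches

POSTED = [("block", block_nonroute), ("pass", pass_echo)]
REORDERED = [("pass", pass_lan_echo), ("block", block_nonroute)]

def echo_request(src):
    return {"src": src, "dst": EXT_IF_ADDR, "proto": "icmp",
            "icmp_type": 8, "icmp_code": 0}

if __name__ == "__main__":
    ping = echo_request("192.168.0.20")   # constructed wireless host
    print("posted order:   ", evaluate(POSTED, ping))
    print("reordered rules:", evaluate(REORDERED, ping))
    print("spoofed 172.16.0.5:", evaluate(REORDERED, echo_request("172.16.0.5")))
```
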