Hi,
I had a working NAT config, upgraded 7.0->7.2, and now it no longer works - and I've no idea why! The gateway can access the net fine, but hosts that use it as their default gw can't get anywhere. My pf.conf is;
rc.conf includes:
Any ideas? I'm stumped as to what's going on and how to troubleshoot.
I had a working NAT config, upgraded 7.0->7.2, and now it no longer works - and I've no idea why! The gateway can access the net fine, but hosts that use it as their default gw can't get anywhere. My pf.conf is;
Code:
[root@e325 ~]# cat /etc/pf.conf
int_if="bge0"
ext_if="bge1"
tcp_services="{5631, 80}"
icmp_types="echoreq"
r50e="192.168.1.11"
set block-policy return
set loginterface $ext_if
set skip on lo
set limit tables 3000
set limit table-entries 350000
table <honeypots> persist file "/etc/pfdata/honeypots"
table <bogons> persist file "/etc/pfdata/bogons"
table <ads> persist file "/etc/pfdata/ads"
scrub in
nat on $ext_if from $int_if:network to any -> ($ext_if)
block in
pass out keep state
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to $ext_if port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $r50e port 13074 flags S/SA synproxy state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if
block quick on $ext_if inet proto tcp from <honeypots> port != 80 to any
block quick on $ext_if inet proto tcp from any to <honeypots> port != 80
block quick on $ext_if from <bogons> to any
block quick on $ext_if inet proto tcp from any to <ads> port = 80rc.conf includes:
Code:
gateway_enable="YES"
pf_enable="YES"Any ideas? I'm stumped as to what's going on and how to troubleshoot.
