Today I started to set up pf on my FreeBSD box in preparation for putting it on the internet in the coming weeks. My setup is (mostly) pretty simple: I have a single machine with one NIC, one private IP and it sits behind a NAT'd router.
I want to be able to allow SSH, http, https, imap, webmin and smtp to the server. I want to block everything else coming INTO the machine but allow everything going OUT of the machine.
Currently my rule base looks as follows:
Code:
tcp_services = "{ 22, 25, 80, 143, 443, 587, 993 }"
block in all
pass in on bge0 proto tcp from any to bge0 port $tcp_services
pass in on bge0 proto tcp from any to bge0 port 10000
Everything seems to work fine except Webmin. I have Webmin running under Apache using mod_proxy so that when someone browses:
https://www.mydomain.com/webmin
it proxies them to:
http://www.mydomain.com:10000 (this is all on the same server)
Funny thing is I can't browse Webmin when I enable the pf rules. Everything else appears to run fine except webmin.
Does anyone have any ideas why webmin is being blocked? I know it's got something to do with the proxying but I just can't figure it out...
PS: This is my first attempt at pf rules, if they look hopelessly wrong or you have any suggestions as to how I can improve them I am listening!