PF setting up a pf routing device

[rootnl2k]

After a few odd pumps it is a matter of getting things set up correctly.

I will be using

-----------------------------------
| eth0
| |
| eth1
| |
| eth2
| |
| eth3
| |
------------------------------------

With Eth0 being my internal interface 192.168.81.14 and eth1 being the external interface with the router on the other side having ip 192.168.81.2 .

I uses service like ftp , nntp, smtps, smtp submission, bind, pop3 , pop3s , imap, imaps , https, https, 8443, radius 1645 and 1812 , sshd , webmin, usermin, rdp , VNC
and others throught my 192.168.81.0/24 network. What need to be set up correctly so that pf is a happy worker?

 

[SirDice]

Handbook: 30.3. PF

 

[tommiie]

Also interesting is the PF User's Guide

 

[Nicola Mingotti]

Also interesting is the PF User's Guide

a word of warning, OpenBSD pf is a bit different from FreeBSD one.

 

[tommiie]

a word of warning, OpenBSD pf is a bit different from FreeBSD one.

I was not aware of that. In that case I will read both our handbook and their user's guide and compare the differences more carefully.

 

[Nicola Mingotti]

I was not aware of that. In that case I will read both our handbook and their user's guide and compare the differences more carefully.

no problem, you are new, i guessed you did not know

Another thing that may be helpful, the handbook is great, paper books also may be very good, but in BSD culture the "bible" is in the man page.

If your interest in "pf" is for the long term then you could take a look at the book "The book of pf" which covers also the differences between the BSD(s) implementations.

After that, the definitive reference is always the man pages of each system.

 

[rootnl2k]

The problem with the mentioned is that is assumes 2 network while I have only the one 192.168.81.0/24 . Please read above.

 

[tommiie]

You stated you have a private network and a public network. That equals two networks. I don't understand your problem.

 

[SirDice]

The problem with the mentioned is that is assumes 2 network while I have only the one 192.168.81.0/24 .

No, you mentioned two networks:

With Eth0 being my internal interface 192.168.81.14 and eth1 being the external interface with the router on the other side having ip 192.168.61.2 .

That's 192.168.81.0/24 and 192.168.61.0/24. If the 61 was a typo then you have a configuration problem. If there's only one network (192.168.81.0/24) then there's nothing to route at all.

 

[rootnl2k]

61 was a typo . So then should a bridging firewall be looked at?

 

[jdakhayman]

Are you looking to setup a home router to connect to your isp?

 

[rootnl2k]

no! ISP setup

 

[jdakhayman]

no! ISP setup

So you are working on a setup that will allow you to accept incoming connections from customers and to give access to additional networks through yours? Along with offering additional services? Just trying to get an understanding of what your trying to accomplish.
jda

 

[rootnl2k]

Go back to the diagramme at the top. Eth0 is the internal interface and eth1 is the external interface. eth0 is 192.168.81.14/24 and eth1 is communicating with 192.168.81.2/24 and is unassigned. 192.168.81.4/24 is a dialup terminal server
however many customers are coming from 192.168.81.2/24 for e-mail / web service files service et al.