Thanks, one more question. What is the difference between:

rdr on $ext_if proto tcp from any to $pubip -> $privip

and

binat on $ext_if from $privip to any -> $pubip

Do I need both?

Thanks.

On 6/23/07, Ryan McBride <[EMAIL PROTECTED]> wrote:
On Sat, Jun 23, 2007 at 09:50:36PM -0600, Jose H. wrote:
> Can anybody tell me what is wrong with these rules?

Is it source port or destination port? You're missing 'from any' or 'to any' at least, and for a good security policy you should explicitly specify source and/or destination IP addresses whenever possible.

Also, if this is 4.1 you don't need 'keep state' and 'flags S/SA', they're on by default.

> pass on $ext_if inet proto tcp port $servicios_baseline_tcp flags S/SA
> keep state
> pass on $ext_if inet proto udp port $servicios_baseline_udp
> keep state
> pass on $ext_if inet proto icmp icmptype $servicios_baseline_icmp
> keep state
--
You should be the change that you want to see in the world. - Gandhi
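
The corrections suggested in the quoted reply, written out as an added pf.conf example that is not part of the original thread. The macro values, the `admin_net` macro and the choice of the firewall's own address as destination are assumptions, since the thread does not show them.

```conf
# Constructed placeholder values; the thread does not show the real macros.
ext_if = "em0"
admin_net = "192.0.2.0/24"             # hypothetical trusted source network
servicios_baseline_tcp = "{ 80, 443 }"
servicios_baseline_udp = "{ 53 }"
servicios_baseline_icmp = "echoreq"

# 'port' is part of a 'from' or 'to' clause, so each rule needs one.
# Assumption: the listed ports are destination ports on the firewall's
# own external address, hence 'to ($ext_if) port ...'.
# On OpenBSD 4.1 'flags S/SA' and 'keep state' are the defaults and
# are therefore left out.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $servicios_baseline_tcp
pass in on $ext_if inet proto udp from any to ($ext_if) port $servicios_baseline_udp

# The ICMP keyword in pf is 'icmp-type' (with a hyphen).
pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type $servicios_baseline_icmp

# Where a service has a known client range, name it instead of 'any'.
pass in on $ext_if inet proto tcp from $admin_net to ($ext_if) port ssh
```

Running `pfctl -nf` on the file parses the ruleset without loading it, which catches a missing `from`/`to` clause before the rules go live.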