On Sun, Jul 26, 2009 at 12:14:53PM -0500, Andres Salazar wrote:
> Thank you for the help, I believe that I already tried something similar and
> could not access the internet behind $int_if, or $int_if2. Traffic is
> getting blocked by "block all" as per the following pflog1:
>
> Jul 26 05:11:51.250502 rule 0/(match) block out on re1: 192.168.1.2.55533 > 190.40.3.10.53: 22454+[|domain] (DF)
> Jul 26 05:11:51.407931 rule 0/(match) block out on re1: 192.168.1.2.63872 > 190.40.3.13.53: 37289+[|domain] (DF)
> Jul 26 05:11:51.408132 rule 0/(match) block out on re1: 192.168.1.2.51104 > 190.40.3.13.53: 14850+[|domain] (DF)
>
> 192.168.1.2 is the IP of the firewall itself in relationship to $ext_if.

To reiterate:

> > There are also no "pass out" rules for traffic originating from the
> > firewall itself, you'll probably want to add something for this.

Add a pass rule for outbound traffic from the firewall itself. Adjust
for any additional services that it should be able to reach.

pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port 53

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
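
Added example, not part of the original message: a small parser that tallies pflog entries blocked outbound from the firewall's own address, which shows which services still need a "pass out" rule. The function name and the fourth sample line are constructed for illustration; the first three lines are the ones quoted in the thread.

```python
import re
from collections import Counter

# Matches the tcpdump rendering of pflog entries as quoted in the thread, e.g.
# "rule 0/(match) block out on re1: 192.168.1.2.55533 > 190.40.3.10.53: ..."
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifname>\S+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def blocked_from_self(lines, fw_addr, ext_if):
    """Count packets blocked outbound on ext_if whose source is the firewall
    itself, keyed by (rule number, destination address, destination port)."""
    hits = Counter()
    for line in lines:
        m = PFLOG_RE.search(line)
        if not m:
            continue  # not an IPv4 addr.port entry in this format
        seen = (m["action"], m["dir"], m["ifname"], m["src"])
        if seen == ("block", "out", ext_if, fw_addr):
            hits[(int(m["rule"]), m["dst"], int(m["dport"]))] += 1
    return hits

SAMPLE = [
    # Entries quoted in the thread
    "Jul 26 05:11:51.250502 rule 0/(match) block out on re1: "
    "192.168.1.2.55533 > 190.40.3.10.53: 22454+[|domain] (DF)",
    "Jul 26 05:11:51.407931 rule 0/(match) block out on re1: "
    "192.168.1.2.63872 > 190.40.3.13.53: 37289+[|domain] (DF)",
    "Jul 26 05:11:51.408132 rule 0/(match) block out on re1: "
    "192.168.1.2.51104 > 190.40.3.13.53: 14850+[|domain] (DF)",
    # Constructed line: inbound block on another interface, must be ignored
    "Jul 26 05:11:52.000000 rule 0/(match) block in on re0: "
    "10.0.0.5.40000 > 190.40.3.10.80: S (DF)",
]

if __name__ == "__main__":
    for (rule, dst, dport), n in sorted(blocked_from_self(SAMPLE, "192.168.1.2", "re1").items()):
        print(f"rule {rule}: {n} packet(s) blocked to {dst} port {dport}")
```

Every destination port it reports is a candidate for the port list in the "pass out" rule above.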