On Sun, Jul 26, 2009 at 12:14:53PM -0500, Andres Salazar wrote:
> Thank you for the help, I believe that I already tried something similar and
> could not access the internet behind $int_if, or $int_if2. Traffic is
> getting blocked by "block all" as per the following pflog1:
> 
> Jul 26 05:11:51.250502 rule 0/(match) block out on re1: 192.168.1.2.55533 > 190.40.3.10.53: 22454+[|domain] (DF)
> Jul 26 05:11:51.407931 rule 0/(match) block out on re1: 192.168.1.2.63872 > 190.40.3.13.53: 37289+[|domain] (DF)
> Jul 26 05:11:51.408132 rule 0/(match) block out on re1: 192.168.1.2.51104 > 190.40.3.13.53: 14850+[|domain] (DF)
> 
> 192.168.1.2 is the IP of the firewall itself in relationship to $ext_if.

To reiterate:

> > There are also no "pass out" rules for traffic originating from the firewall
> > itself; you'll probably want to add something for this.

Add a pass rule for outbound traffic from the firewall itself.  Adjust
for any additional services that it should be able to reach.

pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port 53

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
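One way to triage pflog output like the records quoted above, as an added example that is not part of the original thread and not OpenBSD code: it parses the tcpdump-style records, counts what the default block rule is dropping per interface and destination port, and isolates the outbound records whose source is the firewall's own address (192.168.1.2, taken from the quoted message). The record regex and the function names are this example's own assumptions about the `tcpdump -e -ttt` pflog format.

```python
"""Triage tcpdump-style pflog records like those quoted in the thread.

Added example, not part of the original mailing-list post. It assumes the
record layout printed by OpenBSD's `tcpdump -e -ttt -i pflog0` and takes the
firewall's own address as a parameter (192.168.1.2 below comes from the
quoted message; the function names are this example's own).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the three records quoted in the thread, re-joined onto
# one line each (the mail archive had wrapped them).
SAMPLE_PFLOG = """\
Jul 26 05:11:51.250502 rule 0/(match) block out on re1: 192.168.1.2.55533 > 190.40.3.10.53: 22454+[|domain] (DF)
Jul 26 05:11:51.407931 rule 0/(match) block out on re1: 192.168.1.2.63872 > 190.40.3.13.53: 37289+[|domain] (DF)
Jul 26 05:11:51.408132 rule 0/(match) block out on re1: 192.168.1.2.51104 > 190.40.3.13.53: 14850+[|domain] (DF)
"""

# Assumed record layout (one line per packet):
# <timestamp> rule <n>/(<reason>) <action> <dir> on <iface>: <src>.<sport> > <dst>.<dport>: <payload>
PFLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) rule (?P<rule>\d+)/\((?P<reason>\w+)\) "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):? ?(?P<info>.*)$"
)


@dataclass(frozen=True)
class PflogEntry:
    ts: str
    rule: int
    reason: str
    action: str
    direction: str
    iface: str
    src: str
    sport: int
    dst: str
    dport: int
    info: str


def parse_pflog(text):
    """Parse every well-formed record; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = PFLOG_RE.match(line.strip())
        if not m:
            continue
        f = m.groupdict()
        entries.append(PflogEntry(
            ts=f["ts"], rule=int(f["rule"]), reason=f["reason"],
            action=f["action"], direction=f["dir"], iface=f["iface"],
            src=f["src"], sport=int(f["sport"]), dst=f["dst"],
            dport=int(f["dport"]), info=f["info"],
        ))
    return entries


def blocked_from_host(entries, host):
    """Outbound records dropped by a block rule whose source address is `host`.

    With the firewall's own address as `host`, this isolates traffic the
    firewall itself originates, which a default `block all` drops unless a
    matching `pass out` rule exists.
    """
    return [e for e in entries
            if e.action == "block" and e.direction == "out" and e.src == host]


def summarize(entries):
    """Count records by (action, direction, interface, destination port)."""
    return Counter((e.action, e.direction, e.iface, e.dport) for e in entries)


if __name__ == "__main__":
    parsed = parse_pflog(SAMPLE_PFLOG)
    for (action, direction, iface, dport), n in summarize(parsed).items():
        print(f"{action} {direction} on {iface} to port {dport}: {n} records")
    own = blocked_from_host(parsed, "192.168.1.2")
    print(f"{len(own)} of {len(parsed)} blocked records originate from the firewall itself")
```

Run as a script it reports that all three quoted records are `block out on re1` to port 53 with the firewall's own address as source, which is the case the `pass out ... from ($ext_if)` rule above covers; `rule 0` is the first filter rule in the loaded ruleset, consistent with the leading `block all` the quoted message names.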
