Yeah, I'll post them up on a webpage real quick. And to answer someone's question earlier, yes, I'm using "quick" rules. I'm wanting to try and keep the latency down as low as I can. And I figured that would be the best way to keep it down.
> Shawn,
>
> Multi-interface packet filtering can be tricky. Could you post your rules?
>
> Without that, all we can probably say is that you have a
> misconfiguration somewhere.
>
> IIRC, creating stateful inspection on one interface does not allow the packets to go through other
> interfaces. This is my first guess as to your problem.
>
> ==ml
>
> On Mon, Dec 16, 2002 at 03:03:53PM -0600, [EMAIL PROTECTED] wrote:
>> Ok, I'm new to OpenBSD and pf, but I'm quickly getting the hang of it.
>>
>> Here's my setup:
>>
>> AMD 2300 w/ 512mb DDR ram
>> 512mb flash drive
>> 5 10/100 network cards
>>
>> I have 4 networks right now, one of them is the internet. So let's call them Inet, A, B, and C.
>>
>> Network C is the network with all mail/web/dns/etc servers on it.
>>
>> A and B are networks, I could really care less what traffic goes to them, and from them, going to/from
>> the internet and each other.
>>
>> I want networks A and B to be able to only access the mail servers on ports 25/110/80/443, dns servers
>> on port 53, webservers on ports 80/443, and a couple of other servers via ftp.
>>
>> Should be very simple, I set up some rules to allow all traffic from Inet going to A and B. I then
>> allowed all traffic from A and B going to Inet to pass through.
>> I then set up some holes on C, to allow those ports to those servers that I want open. I also allowed
>> network C to access http/https/ftp/dns/mail outside of its network. I have a "catch all" in the bottom
>> of my script, to just block everything that doesn't fit into anything else.
>>
>> I enable it.. what happens.. I lose connectivity to all the networks. Nothing can see anything outside
>> of their network.
>> Do a ping from the firewall, and you get:
>>
>> ping: sendto: No route to host
>> ping: wrote 192.168.3.250 64 chars, ret=-1
>>
>>
>> Anyone have any ideas?
>>
>
> --
> Michael Lucas [EMAIL PROTECTED], [EMAIL PROTECTED]
> http://www.oreillynet.com/pub/q/Big_Scary_Daemons
>
> Absolute BSD: http://www.AbsoluteBSD.com/