Hi
I’m currently trying to run an OpenBSD firewall. I’ve read the man pages, but I’m probably doing something wrong…
I’m running OBSD 3.2 stable with NAT (NAT works fine); now I’m playing with pf rules.
e.g.
dc1 – external xxx.xxx.xxx.xxx
dc0 – internal 192.168.1.1
scrub in all
nat on dc1 from 192.168.0.0/16 to any -> xxx.xxx.xxx.xxx
block in log quick on dc1 proto { tcp, udp } from any to xxx.xxx.xxx.xxx \
port { 5432, 5801, 5901, 6001 }
block out log quick on dc1 from ! xxx.xxx.xxx.xxx to any
block in quick on dc1 from any to 255.255.255.255
block in log quick on dc1 from { 10.0.0.0/8, 172.16.0.0/12, \
192.168.0.0/16, 255.255.255.255/32 } to any
pass in log all
pass out all
So I’m trying to block these ports, but it doesn’t work: I’m still able to connect to postgres running on that machine…
(I know that I can block it in pg_hba.conf, but that’s not the question.) Even if I put both pass rules in front of the block rules,
as I was advised in [EMAIL PROTECTED], nothing will change.
And the last question:
The machine is a Pentium Pro 200 MMX with 64MB SIMM RAM, two DEC 21142/3 interfaces and a 2.5GB 3600rpm IDE drive.
It’s an old machine. Can I use it as a firewall/NAT for approximately 200 win computers? (campus)
Thank you
Hunci
SP SCCh FChPT STU
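
An added example, not part of the original post: a simplified Python model of pf's evaluation order (the last matching rule decides, and a matching `quick` rule ends evaluation) applied to the inbound rules quoted above. The address 203.0.113.1 stands in for the masked external address and the sample packets are constructed; the model reports the verdict for a connection to port 5432 by arrival interface, for both rule orderings mentioned in the post.

```python
# Simplified model of pf rule evaluation: rules are checked top to bottom,
# the last matching rule decides, and a matching "quick" rule stops evaluation.
# Only the inbound rules of the posted ruleset are modelled (no NAT, no state).
import ipaddress

EXT_IP = "203.0.113.1"  # constructed placeholder for the masked xxx.xxx.xxx.xxx
PORTS = {5432, 5801, 5901, 6001}
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "255.255.255.255/32"]

def in_nets(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

# Each rule: (label, action, quick, predicate over a packet dict)
BLOCKS = [
    ("block ports on dc1", "block", True,
     lambda p: p["iface"] == "dc1" and p["dst"] == EXT_IP and p["dport"] in PORTS),
    ("block broadcast on dc1", "block", True,
     lambda p: p["iface"] == "dc1" and p["dst"] == "255.255.255.255"),
    ("block private sources on dc1", "block", True,
     lambda p: p["iface"] == "dc1" and in_nets(p["src"], PRIVATE)),
]
PASS = [("pass in log all", "pass", False, lambda p: True)]

def evaluate(rules, pkt):
    """Return (action, label) for an inbound packet; pf passes by default."""
    verdict = ("pass", "implicit default")
    for label, action, quick, match in rules:
        if match(pkt):
            verdict = (action, label)
            if quick:
                break
    return verdict

def decide(pkt):
    """Verdicts for both orderings tried in the post: blocks first, pass first."""
    return evaluate(BLOCKS + PASS, pkt), evaluate(PASS + BLOCKS, pkt)

# Constructed sample packets aimed at PostgreSQL (5432) on the firewall.
outside = {"iface": "dc1", "src": "198.51.100.7", "dst": EXT_IP, "dport": 5432}
lan_to_ext = {"iface": "dc0", "src": "192.168.1.50", "dst": EXT_IP, "dport": 5432}
lan_to_int = {"iface": "dc0", "src": "192.168.1.50", "dst": "192.168.1.1", "dport": 5432}

if __name__ == "__main__":
    for name, pkt in [("outside", outside), ("LAN to ext IP", lan_to_ext),
                      ("LAN to int IP", lan_to_int)]:
        print(f"{name:14} {decide(pkt)}")
```

In this model the verdict depends on the arrival interface, not on where the pass rules sit: every block rule is bound to dc1, so a test connection that enters on dc0 only ever matches `pass in log all`.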