Re: Trying to use kFreeBSD as a firewall, but it won't forward packets
Hi!

Rich Wales wrote:
> I can connect between my LAN and the firewall (via its LAN interface) --
> and I can reach the Internet from the firewall (via its WAN interface)

So, the kFreeBSD box has a correct default route out to the Internet?

    # route get -n 0.0.0.0

> -- but I can't manage to go *through* the firewall from my LAN to the
> Internet (I've set up another box to use the kFreeBSD firewall as its
> gateway, but packets are simply being dropped).

The LAN interface will need to have an appropriate IP address and netmask assigned on it, and the interface must be 'UP' of course.

Does the kFreeBSD box have a correct route to the source?

    # route get -n 192.168.1.2

(or whatever is the IP of that other box)

> I have *net.inet.ip.forwarding* enabled,

That's required, yes.

> I'm using a minimal PF
> configuration that does NAT and passes everything in and out on both
> network interfaces.

Please check if the ruleset is correctly loaded and enabled, e.g. with

    # pfctl -ef /etc/pf.conf

It may be useful to check the output from

    # pfctl -vsa

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org
Trying to use kFreeBSD as a firewall, but it won't forward packets
I'm trying to set up a kFreeBSD system as a firewall. However, I'm having trouble getting it to forward packets.

I can connect between my LAN and the firewall (via its LAN interface) -- and I can reach the Internet from the firewall (via its WAN interface) -- but I can't manage to go *through* the firewall from my LAN to the Internet (I've set up another box to use the kFreeBSD firewall as its gateway, but packets are simply being dropped).

I have *net.inet.ip.forwarding* enabled, and I'm using a minimal PF configuration that does NAT and passes everything in and out on both network interfaces.

I can supply more details if necessary, but before I do that, can anyone think of something obvious which I may have missed?

My eventual goal, btw, is to set up two kFreeBSD firewalls in a failover configuration using CARP.

-- 
*Rich Wales*
ri...@richw.org
Re: firewall?
On Fri, 4 Feb 2011, Dererk wrote:

> On 04/02/11 11:19, Anton Andreev wrote:
>> Hi,
>>
>> How to configure a firewall on Debian / kFreeBSD.
>>
>> Cheers,
>> Anton
>
> FreeBSD, consequently Debian kFreeBSD, replaced their old packet filter
> (luckily) with a ported OpenBSD's PF, most flexible and powerful packet
> filter you'll find out there, IMO.

FreeBSD still supports all three: ipfw, ipf and pf.

> One of the most relevant and complete guides you could find about:
> http://www.openbsd.org.ar/faq/pf/index.html

Please note that the latest OpenBSD pf differs from FreeBSD's version of pf and uses a different configuration syntax. I'd suggest going with man pf.conf as reference.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
Stop bit received. Insert coin for new address family.

-- 
To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110210085748.l80...@maildrop.int.zabbadoz.net
Re: firewall?
On 04/02/11 11:19, Anton Andreev wrote:
> Hi,
>
> How to configure a firewall on Debian / kFreeBSD.
>
> Cheers,
> Anton

FreeBSD, consequently Debian kFreeBSD, replaced their old packet filter (luckily) with a ported OpenBSD's PF, most flexible and powerful packet filter you'll find out there, IMO.

One of the most relevant and complete guides you could find about:
http://www.openbsd.org.ar/faq/pf/index.html

Enjoy!

Greetings,

Dererk

-- 
BOFH excuse #422: Someone else stole your IP address, call the Internet detectives!
firewall?
Hi,

How to configure a firewall on Debian / kFreeBSD.

Cheers,
Anton
Firewall Capabilities in Debian/NetBSD ?
Hi All,

I'm thinking of having a dual firewall setup, and would prefer to be running a different kernel/fw codebase on each, so being a Debian user, I thought about using Debian/NetBSD.

Does Debian/NetBSD have any Firewall packages yet? pf, or ipf?

If not, anyone have any idea on how hard it would be to port them? (I can't see it being -that- hard myself, since a lot of that code base is going to interface with the NetBSD kernel, so all the hooks will be there.)

Could it be as "simple" as grabbing the source, and repackaging?

Iain