I am trying to connect to an SMB share outside of the office.  I have
confirmed that the share works and others on the Internet can connect
to it fine, but connections from within my office do not go through.

I am guessing I have something wrong with the office's pf filters or
NATing but I cannot identify the problem -- my pf.conf is fairly
simple.  All machines on the network can get to other services (http,
https, rdp, ssh, ... anything, really) but cannot establish an SMB
connection.  Nothing of interest shows up in the pf log.

pf.conf pasted below.  Thank you for your time.

Sincerely,
william

## macros
# interfaces
intIf = "fxp0"
extIf = "fxp1"
# inside machines
dvrIp = "192.168.10.7"
scannerIp = "192.168.10.20"
pc2Ip = "192.168.10.21"
pc3Ip = "192.168.10.32"
# public IPs
natOutIp = "single.public.ip.address"
serviceInIp = "d.i.tt.o"
# internal services
rdpPort = "3389"
rdpPort2 = "3390"
rdpPort3 = "3391"
dvrWebPubPort = 82
dvrServicePort = 6036

## block list
APNIC = '"1.0.0.0/8" "43.0.0.0/8"'
RIPE = '"31.0.0.0/8" "109.230.240.0/20"'
CHINA = '"121.8.0.0/13"'
blockList = "{ " $APNIC $RIPE $CHINA " }"

## options
set block-policy return
set skip on lo

## filter rules
block in log quick on $extIf from $blockList
block in log on $extIf
pass  in quick on $intIf
pass  out
# NATing
pass out on $extIf from 192.168.10.0/24 to any nat-to $natOutIp
# internal services
pass in on $extIf inet proto tcp to $serviceInIp port $dvrWebPubPort rdr-to $dvrIp port 80
pass in on $extIf inet proto tcp to $serviceInIp port $dvrServicePort rdr-to $dvrIp
pass in on $extIf inet proto tcp to $serviceInIp port $rdpPort  rdr-to $scannerIp port $rdpPort keep state
pass in on $extIf inet proto tcp to $serviceInIp port $rdpPort2 rdr-to $pc2Ip port $rdpPort keep state
pass in on $extIf inet proto tcp to $serviceInIp port $rdpPort3 rdr-to $pc3Ip port $rdpPort keep state
# ssh
pass in on $extIf inet proto tcp to $serviceInIp port ssh
