But it can still be a router if it does not do natting, a router with
only public IP's
Cezary Morga wrote:
On Wednesday, 15 October 2008, cgc wrote:
And any box that is doing packet filtering between 2 or more
networks, eg. a private network and the internet, is a router as far
as
Sent: Wednesday, 15 October 2008 16:21
To: Ricardo Augusto de Souza
Cc: misc@openbsd.org
Subject: Re: RES: RES: Filtering outgoing connections in pf
What exactly are you trying to achieve? What PCs do you want to have
access to what ports? Are you just allowing
From: cgc [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 15 October 2008 15:49
To: Ricardo Augusto de Souza
Cc: misc@openbsd.org
Subject: Re: RES: Filtering outgoing connections in pf
let me give you an example, if you
Private IP's like those in 10.10.0.0/16 have to be natted using
nat on $ext_if from 10.10.0.0/16 to any -> ($ext_if)
so the packets exiting $ext_if are coming from ($ext_if) and not from
10.10.0.0/16
Regards,
Charlie
Ricardo Augusto de Souza wrote:
I didn't understand what you said.
Could you
Is it possible to filter outgoing packets in $ext_if even doing NAT?
I mean, after nat on $ext_if from 10.10.0.0/16 to any -> ($ext_if) all
packets from 10.10.0.0/16 will be translated to $ext_if.
I wish I could filter 10.10.0.0/16 packets in $ext_if.
Is it possible?
Thanks
-Message
Why do you need to? You filter packets coming in on $int_if using the
private IP; there is no need to filter packets on $ext_if using the private
IP.
And as far as I know there is no way to filter on $ext_if based on the private
IP when you are natting
Regards,
Charlie
On Wed, 15 Oct 2008 14:44:43
Augusto de Souza
Cc: misc@openbsd.org
Subject: Re: RES: Filtering outgoing connections in pf
let me give you an example, if you just want 10.10.0.0/16 to have port 80
access then you need 3 rules:
#the nat
nat on $ext_if from 10.10.0.0/16 to any port 80 -> ($ext_if)
#allow through $int_if
pass in quick on $int_if proto tcp from 10.10.0.0/16 to any port 80
#and finally allow through
On Wednesday, 15 October 2008, cgc wrote:
And any box that is doing packet filtering between 2 or more
networks, eg. a private network and the internet, is a router as far
as I am aware
If it's natting or filtering packets it's a gateway.
--
Cezary Morga
If you live to be one hundred,