Contributed by webmaster on from the mirror-mirror dept.
OpenBSD Journal is carrying a mirror of the PF HOWTO at /pf-howto. Anyone want to make me a PF logo? 60x60 png on white or transparent background please.
Check out the new logo: Will was kind enough to provide me with our PF topic logo. Thanks.
By Bill A () meestergoat@NONUISGOODNU.yahoo.com.nu on http://www.kuro5hin.org/user/libertine/diary
I am curious about the art request...is there some kinda PF mascot? All that comes to my mind is either a sponge or baleen whale...sleep, need sleep, can hear the ocean calling. Sexy sea anemones, that's it...*zzzzzzz*
By Frank DENIS () j@pureftpd.org on http://www.pureftpd.org
I'm also using OpenBSD 3 snapshots, and I'm really amazed by the work that has been done since 2.9 (2.9 was already excellent due to the filesystem speedups).
However, is the NAT part of PF already implemented and functional? While I can easily parse a simple NAT configuration file, it doesn't seem to work. It doesn't NAT anything, and packets got blocked.
Also, block with return-rst doesn't return anything. Packets got filtered, but they are always blackholed. Are these features implemented?
Best regards,
-Frank.
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By Frank DENIS () j@pureftpd.org on http://www.pureftpd.org
block out log all
block in all
pass out quick on lo0 all
pass in quick on lo0 all
pass out quick proto tcp all flags S/SA keep state
pass out quick proto udp all flags S/SA keep state
pass out quick proto icmp all keep state
block return-rst in quick proto tcp from any to any port = 113
However, when an external connection to port 113 is made, no packet is sent, just as if "block return-rst" didn't work.
What's wrong with these rules?
My nat.conf file is:
nat on ne3 from 10.0.0.0/24 to any -> 193.132.209.215
193.132.209.215 is the OpenBSD box itself (and it has a route to the gateway). 10.0.0.1 is an alias for the same interface. But from another computer whose IP is 10.0.0.2, and gateway is 10.0.0.1, I can't send any packet to the internet.
And forwarding has been enabled with sysctl.
What's wrong?
Comments
By Luiz Gustavo () gustavo at shoptime dot com on mailto:gustavo at shoptime dot com
Your conf has some huge mistakes, use pf.conf man page to start...
Comments
By Frank DENIS () j@pureftpd.org on http://www.pureftpd.org
By danimal () danimal[AT]danimal[DOT]org on http://danimal.org/
-d
Comments
By Ryan Cooley () on
In Netscape:
Edit -> Preferences -> Advanced -> Enable Style Sheets
Comments
By danimal () on
:)
Thanks for reminding me.
By webmaster () on
By danimal () danimal[AT]danimal[DOT]org on http://danimal.org/
http://danimal.org/openbsd/pf2.png -danimal (goof)
Comments
By Anonymous Coward () on
I may be nit-picking too much also ;)
Comments
By danimal () danimal[AT]danimal[dot]org on mailto:danimal[AT]danimal[dot]org
Sure, if anyone wants the GIMP XCF let me know as it is all broken out into layers (and larger than 60x60).
-danimal
By Anonymous Coward () on
By jcs () on mailto:jcs(at)openbsd(dot)org
Comments
By Anonymous Coward () on
By Miod Vallat () miod@openbsd.org on mailto:miod@openbsd.org
Besides, OpenBSD has developers who reside in Australia...
By Anonymous Coward () on
By fansipans () on
so yea. you actually can do things with this hip new pf thing. wh00t. the only thing that threw me off is the whole "if you run a binat rule the external ip address has to exist" hehe...quickly solved with a few ip aliases. next thing to try'll be bridging with pf. does anyone have any super hip dmz stories? or hip network topologies they've set up?
Comments
By Anonymous Coward () on
By Anonymous Coward () on
By Eric Bullen () ericb@NOSPAMthedeepsky.com on mailto:ericb@NOSPAMthedeepsky.com
Let me know...
-E