Re: Can pf be used this way?
On Tue, 19 Mar 2002, Paul Fontenot wrote:
> I have squid and pf running on the same box (my small
> office gateway) and want to know if there is a rule I
> can put in my pf.conf that will make all outbound web
> traffic go through the proxy.
>
> Here is the /etc/pf.conf file:
>
> # Define useful variables
> ExtIF="xl0" # External interface
> IntNet="192.168.1.0/24" # My internal network
> NoRouteIPs="{ 127.0.0.1/8, 192.168.0.0/16,
> 172.16.0.0/12, 10.0.0.0/8 }"
> Services="{ ssh }"
>
> # Clean up fragmented and abnormal packets
> scrub in on $ExtIF all
>
> # Don't allow anyone to spoof non-routeable addresses
> block in quick on $ExtIF from $NoRouteIPs to any
> block in quick on $ExtIF from any to $NoRouteIPs
>
-----------------snips ................... :-)
Maybe I'm wrong, but ...
You define
IntNet="192.168.1.0/24" # My internal network
Then after scrub you define
> # Don't allow anyone to spoof non-routeable addresses
> block in quick on $ExtIF from $NoRouteIPs to any
> block in quick on $ExtIF from any to $NoRouteIPs
Isn't your IntNet included in 192.168.0.0/16 ($NoRouteIPs), which you block in quick?
Taufik
mycroft@admin.or.id
http://mycroft.sysadmin.or.id
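
The address overlap raised in the reply above can be checked mechanically. This is an added example, not part of the original message: it parses the macro lines quoted in the thread and reports which `IntNet` prefixes fall inside a `NoRouteIPs` entry. The helper names (`parse_macros`, `networks`, `covered_by`) are hypothetical, and the script tests address containment only; it does not model how pf evaluates rules or which interface a rule is bound to.

```python
import ipaddress
import re

# Constructed sample: the macro lines quoted in the thread, with the
# wrapped NoRouteIPs definition joined onto one line.
PF_CONF = '''
ExtIF="xl0" # External interface
IntNet="192.168.1.0/24" # My internal network
NoRouteIPs="{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
Services="{ ssh }"
'''

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.MULTILINE)


def parse_macros(text):
    """Return {macro name: list of items}, unpacking pf's { a, b } lists."""
    macros = {}
    for name, value in MACRO_RE.findall(text):
        macros[name] = [v for v in re.split(r"[\s,{}]+", value) if v]
    return macros


def networks(items):
    """Keep only items that parse as IP networks (skips 'xl0', 'ssh')."""
    nets = []
    for item in items:
        try:
            # strict=False accepts host bits set, e.g. 127.0.0.1/8
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            pass
    return nets


def covered_by(macros, inner, outer):
    """List (inner_net, outer_net) pairs where inner_net lies inside outer_net."""
    hits = []
    for a in networks(macros[inner]):
        for b in networks(macros[outer]):
            if a.version == b.version and a.subnet_of(b):
                hits.append((str(a), str(b)))
    return hits


if __name__ == "__main__":
    found = covered_by(parse_macros(PF_CONF), "IntNet", "NoRouteIPs")
    for inner, outer in found:
        print(f"IntNet {inner} is inside NoRouteIPs entry {outer}")
```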