
pf configuration



Hello,

I have been using Linux for 6 years and decided yesterday to try a BSD
Unix for the server of my private LAN, and my choice was OpenBSD. After
downloading and burning, the install was very fast and easy.

My LAN looks like this:

INTERNET |---| (alcatel speed touch home) adsl |---| server |---| some machines

The server network card for the Alcatel modem is ne3 and the card for
the private LAN is ne4

ne3 is 10.0.0.140 = ppp0 when connected
ne4 is 192.168.0.1

It was not easy to configure the ADSL connection because pptp doesn't work
for me, so I must use pppoe... I couldn't connect to the internet, so I
tried with the tools I had on my workstation... rp-pppoe... but... the pppd
version was too old for this utility, which requires at least pppd 2.3.7.
Good, I have the sources for 2.3.9.

cd pppd-2.3.9; ./configure... and

Support for this system has not been included
in this distribution.  Sorry.

My goodness!!!
A little vi later, pppd 2.3.9 was compiled on my OpenBSD and the script
works fine, so I can connect to the internet.... a great victory :)

First, I hope this little "micro-mini-howto" on using PPPoE ADSL can
help someone one day :)

I continue my little story.
After reading about NAT for a while (pf is really different from
ipchains/iptables), I've got

nat on ppp0 from 192.168.0.0/24 to any -> ppp0 

in my nat.conf and it works fine.

And now I come to my problem... pf!!!
I don't understand anything from the manual!!!

I would like the internal LAN to be able to go in and out for everything,
and from the internet I only want people to be able to connect to ssh, ftp,
http, cvs and, only from this.host.com, to telnet (admin doesn't want to
open ssh port because ssh is not _secure_ !!!)

so I tried

pass in on ne4 from any to any
pass out on ne4 from any to any

block in on ppp0 all
pass in on ppp0 inet proto tcp from any to any port { 21, 22, 80, 2401 }
pass in on ppp0 inet proto {tcp, udp} from this.host.com \
	to any port 23

but it doesn't work, so my pf.conf is lamentably

pass in all
pass out all :/

Can someone please help me to configure this?

PS: please excuse my poor English

yours,
Benjamin

-- 

default: assert(1==0); /* needless to say, I don't want this to happen */
  -- pouaite, wmcoincoin code

Benjamin Michotte        <binny@baby-linux.net>
web      : http://www.baby-linux.net
homepage : http://www.baby-linux.net/binny
icq uin  : 99745024
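
The ruleset from the message above, reworked as an added example (it is not part of the original post and not the poster's working configuration). It assumes the failure is that replies to outbound connections are dropped by `block in on ppp0 all`, because a pf release of this era (NAT kept in a separate nat.conf) keeps no state unless a rule says `keep state`; interface names, ports and this.host.com are taken from the post.

```conf
# pf.conf sketch (added example). pf evaluates every rule and the LAST
# matching rule decides, so the default block goes first and the
# exceptions follow it.

# Default: drop everything arriving from the Internet side.
block in on ppp0 all

# Outbound traffic (from the server and from the NATed LAN) creates state,
# so the matching replies are let back in past the block above.
pass out on ppp0 inet proto tcp  from any to any keep state
pass out on ppp0 inet proto udp  from any to any keep state
pass out on ppp0 inet proto icmp from any to any keep state

# Public services on the server: FTP control, SSH, HTTP, CVS pserver.
# "flags S/SA" matches only the initial SYN; state covers the rest.
pass in on ppp0 inet proto tcp from any to any port { 21, 22, 80, 2401 } \
	flags S/SA keep state

# Telnet from the single admin host only. Telnet runs over TCP, so the
# udp half of the original rule is dropped here.
pass in on ppp0 inet proto tcp from this.host.com to any port 23 \
	flags S/SA keep state

# Trusted LAN side: unrestricted, as in the original rules.
pass in  on ne4 from any to any
pass out on ne4 from any to any
```

Port 21 covers only the FTP control channel; FTP data connections to the server use other ports and are still caught by the default block unless they are handled separately. The hostname this.host.com is resolved when the ruleset is loaded, so DNS must be reachable at that moment.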