Re: newbie firewall question

["Joe Barrett" <barrettj () wam umd edu>]

Did you set up a nat rule in either /etc/nat.conf (if using OBSD 3.0 or 3.1)
or in /etc/pf.conf if using 3.2-beta?
> From the man pages, you should need to run something like this:
nat on $EXTERNAL_INTERFACE from $INTERNAL_NETWORK to any \
    -> $EXTERNAL_INTERFACE
This will set up NAT, and let your office have connection.
Don't forget to set `keep state` & so on when setting up the pf rules, or
else
nothing will be able to get back in.

Joe Barrett
----- Original Message -----
From: "Felix Cuello" <felix () qodiga com>
To: <security-basics () securityfocus com>
Sent: Thursday, October 10, 2002 13:36
Subject: newbie firewall question


> Hello!
>
>    I'm configuring now a OpenBSD firewall to protect some servers and my
> private lan. This openBSD are now doing dinamic NAT to provides
> internet to all my office and that's works fine...
>
>    Now, when I wrote this firewall rules in /etc/pf.conf
>    [this rules are copied exactly as appears in openbsd.org page]
>
> block in on rl0 all
> pass  in on rl0 inet proto tcp from any to any port 22
> pass  in on rl0 inet proto tcp from any to any port 80
> pass  in on rl0 inet proto tcp from any to any port 443
> pass out on rl0 all
>
>
>    my office doesn't have Internet access...,
>
>    What's wrong?, what can I read to learn this?
>
> Thsnks a lot,
>
> Felix
> "sorry for my poor english"
>
>
> ---------------------------------------
>  Felix Cuello
>  felix () qodiga com
>
>  Qodiga/its
>  http://www.qodiga.com
>  Santa Fe 882 - Piso 13 - Of."E"
>  Buenos Aires, ARGENTINA