i have two rules in my pf.conf file, "pass in all" and "pass out all"
i was having issues with getting pf working to begin with, so i went with
starting from nothing and working on up.
i have an ultrasparc ultra1 200e, with an added 4-port fast ethernet sbus
card, running "3.4 GENERIC#85 sparc64"
i have my access server on one and my workstation on two separate ports that
are different networks.
i can ping the access server from my workstation and my OBSD box, however, i
can't telnet to the access server from my workstation. i can telnet to the
access server through the OBSD box.
my pf.conf is as follows:
###################################
# $OpenBSD: pf.conf 11/9/2003
###################################
#####################################
### macros
#####################################
### IP addresses
ext_ip = "10.10.110.2" # external interface ip
address
int_ip = "192.168.110.253" # internal interface ip
address
pub_ip = "172.16.210.1" # public servers interface
ip address
pvt_ip = "192.168.210.1" # private servers interface
ip address
pod_ip = "172.16.110.1" # cisco router pod interface
ip address
### physical interfaces
int_if = "hme0" # internal interface
pvt_srv_if = "hme1" # private server interface
pub_svr_if = "hme2" # public server interface
cisco_pod_if = "hme3" # router lab interface
ext_if = "hme4" # external interface
all_if = "{ hme0, hme1, hme2, hme3, hme4}" # all interfaces
### networks
int_net = "192.168.110.240/28" # internal LAN
ext_net = "10.10.110.0/30" # external LAN
pvt_net = "192.168.210.0/30" # private server network
pub_net = "172.16.210.0/30" # public server network
pod_net = "172.16.110.0/30" # cisco router pod network
### servers
web_server = "172.16.210.2" # webserver
PDC = "192.168.210.2" # primary domain server
router = "10.10.110.1" # router
access_server = "172.16.110.2" # cisco pod access server
print_server = "192.168.100.251" # print server
proxy_server = " 192.168.100.248" # proxy server
### internal network hosts
venus = "192.168.110.242" # ami's system
saturn = "192.168.110.243" # my system
mercury = "192.168.110.249" # laptop
uranus = "192.168.110.248" # backup server
neptune = "192.168.110.253" # OpenBSD
hosts = "{" $venus $saturn $mercury $uranus "}"
### Private addresses
spoof_ips= "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
# private addresses
### Services
www = "{ 80, 443}" # http/https
##################################################################
### Options: tune the behavior of pf
##################################################################
### Sets the interface for which PF should gather statistics such as bytes
in/out and packets passed/blocked
### Optimize PF for one of the following network environments
### packet is silently dropped
# default options
#set require-order yes
#set optimization normal
#set block-policy drop
#set fingerprints "/etc/pf.os"
set loginterface hme4
##########################
###Packet Filtering Table
##########################
### Clean up fragmented packets and abnormal packets
scrub in all fragment reassemble
### redirect/nat rules
nat on $ext_if from any to any -> $ext_ip
###
### traffic rules ###
###
pass in all
pass out all
i'd appreciate any and all help
added code tags for readability --oombera