Changeset 13234 in hybrid


Timestamp:
Apr 6, 2015, 8:11:44 PM (10 years ago)
Author:
huub
Message:

NAT OK also with alias on external interface

File:
1 edited

  • branches/releng-9/nanobsd/files/etc/pf.hybrid.conf

    r11543 r13234  
    1717#
    1818
    19 # Standard port allow listings
    20 allow_ext_in_tcp="ssh, domain, openvpn"
    21 allow_ext_in_udp="domain, snmp, openvpn"
     19# Standard port allow listings for external services
     20allow_ext_in_tcp="1022, openvpn"
     21allow_ext_in_udp="snmp, openvpn"
     22
     23# Standard port allow listings for services at host network (in case of NAT)
     24allow_private_in_tcp="domain"
     25allow_private_in_udp="domain"
    2226
    2327allow_ext_out_tcp = "domain, http, https, openvpn"
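
Review bot: allow_ext_in_tcp on new line 20 replaces the named service ssh with the bare number 1022, and nothing says what listens there. If this is sshd moved to another port, add a comment saying so, and make sure the daemon is already bound to 1022 before this ruleset is loaded, since port 22 is no longer admitted from outside. snmp also stays in allow_ext_in_udp, which the pass rule further down applies to traffic from any; now that the allow_private_in_* lists exist, consider moving snmp there.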
     
    2630
    2731# Default configuration for ALIX2 with vr0 as external interface and wlan0 as
    28 # the public accesspoint in iLeiden setup, no aliases on interfaces.
     32# the public accesspoint in iLeiden setup, aliases on external interface OK.
    2933ext_if="vr0"
    3034ext_ip="(vr0:0)"
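
Review bot: the updated comment on new line 32 says aliases on the external interface are OK but does not say why. ext_ip="(vr0:0)" on line 34 is unchanged, and in pf the :0 modifier excludes interface aliases, so the macro resolves to the primary address only. Stating that in the comment would tell the next editor that the :0 is what the alias support depends on.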
     
    5458no nat from $wl_net to $private
    5559
    56 # Nat the internet for iLeiden functionality (1)
    57 nat on $inet_if inet proto tcp from $wl_net to ! $wl_net port { $publicnat } -> ($inet_if)
     60# Nat the internet for iLeiden functionality allow for alias on vr0 (1)
     61nat on $inet_if inet proto tcp from $wl_net to ! $wl_net port { $publicnat } -> ($inet_ip)
    5862
    5963
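
Review bot: on new line 61 the translation target is written ($inet_ip), and inet_ip is not defined in the visible lines. If it follows the pattern of ext_ip="(vr0:0)" on line 34, the macro already carries its own parentheses and this expands to ((vr0:0)); check the definition and parse the file with pfctl -nf before deploying. The new comment also names vr0 while the rule uses $inet_if; wording it as "alias on the external interface" keeps comment and rule in step.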
     
    9195pass out quick on $ext_if from $wl_net to $wl_net
    9296
    93 # Expose some local services (4)
     97# Expose some local services for internal (NATted) network (4)
     98pass in on $ext_if inet proto tcp from $private to $ext_if port { $allow_private_in_tcp } keep state
     99pass in on $ext_if inet proto udp from $private to $ext_if port { $allow_private_in_udp } keep state
     100pass in on $ext_if inet proto icmp from $private to $ext_if icmp-type { echoreq }
     101
     102# Expose some local services for the external world (WWW) network (4)
    94103pass in on $ext_if inet proto tcp from any to $ext_if port { $allow_ext_in_tcp } keep state
    95104pass in on $ext_if inet proto udp from any to $ext_if port { $allow_ext_in_udp } keep state
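
Review bot: the icmp rule on new line 100 has no keep state while the tcp and udp rules on lines 98 and 99 spell it out; add it there or drop it from all three so the block is consistent. The three new rules admit traffic on $ext_if based only on a source address in $private, which for UDP domain can be spoofed unless antispoofing is applied elsewhere in the ruleset (not visible in this hunk). Both comment blocks, on lines 97 and 102, carry the marker (4); renumber one if the numbers are meant to identify distinct steps.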