SEO

#1 (**permalink**) 02-16-2008, 04:17 AM

Sorry guys......DOH!

# Variable declarations

INT="rl1"
EXT="rl0"
LAN="192.168.0.0/24"

BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }"

scrub in all

nat on $INT from $LAN to any -> 195.80.23.146

pass in all
pass out all

#2 (**permalink**) 02-16-2008, 04:17 AM

robin wrote:
> Sorry guys......DOH!
>
> # Variable declarations
>
> INT="rl1"
> EXT="rl0"
> LAN="192.168.0.0/24"
>
> BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }"
>
> scrub in all
>
> nat on $INT from $LAN to any -> 195.80.23.146
>
> pass in all
> pass out all
>

Try changing

nat on $INT from $LAN to any -> 195.80.23.146

to:

nat on $INT from $LAN to any -> $EXT

--
Kris Kielhofner

#3 (**permalink**) 02-16-2008, 04:17 AM

Hi, Thanks for the help.
ok did that but
Still the same systax error.

Bummer!!

"Kris Kielhofner" <klists@wisvis.com> wrote in message
news:1RGMa.164755$Xl.2665848@twister.rdc-kc.rr.com...
> robin wrote:
> > Sorry guys......DOH!
> >
> > # Variable declarations
> >
> > INT="rl1"
> > EXT="rl0"
> > LAN="192.168.0.0/24"
> >
> > BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }"
> >
> > scrub in all
> >
> > nat on $INT from $LAN to any -> 195.80.23.146
> >
> > pass in all
> > pass out all
> >
>
> Try changing
>
> nat on $INT from $LAN to any -> 195.80.23.146
>
> to:
>
> nat on $INT from $LAN to any -> $EXT
>
> --
> Kris Kielhofner
>

#4 (**permalink**) 02-16-2008, 04:17 AM

> The "nat" line should be above the "scrub" rule, or you deactivate the
order
> enforcing (-> man pf.conf).
>
> HTH Konfu
>
Have you read man pf.conf?
---
Macros
Tables
Options
Traffic Normalization (e.g. scrub)
Queueing
Translation (Various forms of NAT)
Packet Filtering
With the exception of macros and tables, the types of statements should
be grouped and appear in pf.conf in the order shown above, as this
match-
es the operation of the underlying packet filtering engine.
---

#5 (**permalink**) 02-16-2008, 04:17 AM

On Wed, 2 Jul 2003 20:46:32 +0100, robin wrote:

> BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }"

If you look at this line long and hard, you'll spot the mistake
(superfluous period after the second zero in 192.168.0.0./16).

How we should find this on line 9 of what you posted is beyond me,
you probably posted something else than you tried to load...

Daniel

#6 (**permalink**) 02-16-2008, 04:17 AM

"robin" <robin@interalpha.co.uk> wrote in message
news:fJicnaW2vaoKq56iXTWJkA@tcp.co.uk...
> Sorry guys......DOH!
>
> # Variable declarations
>
> INT="rl1"
> EXT="rl0"
> LAN="192.168.0.0/24"
>
> BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }"
>
> scrub in all
>
> nat on $INT from $LAN to any -> 195.80.23.146
>
> pass in all
> pass out all
>
>
>
>
>

Hi group

Once i put the external ip in speech marks (nat on $INT from $LAN to any ->
195.80.23.146) the conf load without any hitch at all. but i still cant get
nat working at all.

So back to the books thanks for all the advice

#7 (**permalink**) 02-16-2008, 04:17 AM

> Once i put the external ip in speech marks (nat on $INT from $LAN to
any ->
> 195.80.23.146) the conf load without any hitch at all. but i still cant
get
> nat working at all.
>
> So back to the books thanks for all the advice
>
>
try to put spaces around IP like " 195.80.23.146 "

I have this

address = "( tun0 )"
nat on tun0 from 192.168.2.0/24 to any -> $address

working ok

#8 (**permalink**) 02-16-2008, 04:18 AM

"robin" <robin@interalpha.co.uk> wrote in message news:<fJicnaW2vaoKq56iXTWJkA@tcp.co.uk>...
> BADIPS="{ 127.0.0.1/8, 192.168.0.0./16, 172.16.0.0/12, 10.0.0.0/8 }"
>

If I start my pf.conf with

block in log all
block out log all

do I still need to block 127.0.0.1/8 etc. away?

thx
--
ia

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode