OSEC

From: Takacs Istvan (istvan.takacs_at_hungax.com)
Date: Wed Oct 02 2002 - 06:25:35 CDT


    Hi,

    We have two internal networks
    192.168.100.0/24
    192.168.200.0/24

    The two networks are connected
    via a gateway (192.168.200.1 -
    192.168.100.2)

    Our OpenBSD 3.1 works as a firewall
    for the 192.168.200.0 LAN, so its ne3
    interface address is 192.168.200.254.
    (it's a different PC, not the gateway)

    My problem is if someone wants to browse
    our internal web server from the LAN 100.0,
    then pf drops the packets (the web server's
    default gateway is the firewall).

    Here are the rules:

    LAN1="192.168.200.0/24"
    LAN1IF="ne3"
    LAN1IP="192.168.200.254/32"
    pass in log quick on $LAN1IF from any to any flags S keep state
    pass out log quick on $LAN1IF from any to any flags S keep state

    But it always blocks the packet originated from our web server
    (192.168.200.10)
    back to the client:

    Oct 02 13:15:12.716530 rule 83/0(match): block in on ne3: 192.168.200.10.80
    > 192.168.100.131.1442: S 2820692782:2820692782(0) ack 4139813971 win 5840
    <mss 1460> (DF)

    Rule 83:
    block in log quick all

    # route show
    192.168.100.0 192.168.200.1 UG

    Could you help me please, what should I set to enable
    the web server to connect back to the high ports of
    the clients on the other LAN?

    Thanks in advance!

    Regards,

                    Istvan
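The log line in the post shows a SYN-ACK from the web server arriving on ne3 with no matching state. The model below is an added example, not pf itself and not the poster's ruleset: it implements a first-match ("quick") rule list with a state table, and runs the addresses and ports from the logged packet through it twice. On a symmetric path the firewall forwards the client's SYN and creates state, so the SYN-ACK is passed by that state; on the asymmetric path described in the post (client to gateway to server directly, server's reply via the firewall) the SYN is never seen, no state exists, and the SYN-ACK falls through to the block rule. Assumptions are marked in comments: the `flags S` rules are modelled in the conventional `S/SA` form (SYN set, ACK clear), and the pass rules are placed before the block rule; the class and function names are constructed for this example.

```python
"""Toy stateful packet filter used to show why a SYN-ACK is blocked when the
firewall never saw the SYN that opened the connection (asymmetric routing).
Added example; simplified, not the pf implementation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out" relative to the filtering interface
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags present, e.g. "S" (SYN) or "SA" (SYN-ACK)


@dataclass
class Rule:
    action: str             # "pass" or "block"
    direction: str          # "in", "out" or "any"
    flags: str = ""         # bits that must be set, e.g. "S"
    mask: str = ""          # bits examined, e.g. "SA"; empty means examine 'flags' only
    keep_state: bool = False

    def matches(self, pkt: Packet) -> bool:
        if self.direction not in ("any", pkt.direction):
            return False
        # Flag check: every examined bit must agree with the required set.
        for bit in (self.mask or self.flags):
            if (bit in self.flags) != (bit in pkt.flags):
                return False
        return True


class Filter:
    """First-match rule evaluation (every rule is 'quick') plus a state table."""

    def __init__(self, rules):
        self.rules = rules
        self.states = set()

    @staticmethod
    def _key(pkt: Packet):
        # One state entry covers both directions of the connection.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def process(self, pkt: Packet):
        """Return (verdict, reason); state lookup happens before the rules."""
        if self._key(pkt) in self.states:
            return ("pass", "state")
        for idx, rule in enumerate(self.rules):
            if rule.matches(pkt):
                if rule.action == "pass" and rule.keep_state:
                    self.states.add(self._key(pkt))
                return (rule.action, f"rule {idx}")
        return ("pass", "default")


# Assumption: 'flags S keep state' modelled as S/SA, pass rules before the block.
RULES = [
    Rule("pass", "in", flags="S", mask="SA", keep_state=True),
    Rule("pass", "out", flags="S", mask="SA", keep_state=True),
    Rule("block", "in"),                       # 'block in log quick all'
]

# Endpoints taken from the logged packet in the post.
CLIENT, CPORT = "192.168.100.131", 1442
SERVER, SPORT = "192.168.200.10", 80

SYN_OUT = Packet("out", CLIENT, CPORT, SERVER, SPORT, "S")     # client -> server via firewall
SYNACK_IN = Packet("in", SERVER, SPORT, CLIENT, CPORT, "SA")   # server -> client via firewall


def symmetric_path():
    """Both halves of the handshake cross the firewall: state is created by the SYN."""
    fw = Filter(RULES)
    return [fw.process(SYN_OUT), fw.process(SYNACK_IN)]


def asymmetric_path():
    """Only the reply crosses the firewall (the post's situation): no state, so blocked."""
    fw = Filter(RULES)
    return fw.process(SYNACK_IN)


if __name__ == "__main__":
    print("symmetric :", symmetric_path())
    print("asymmetric:", asymmetric_path())
```

The practical check this suggests for any stateful filter is whether both directions of a flow actually traverse it; a reply that arrives without a matching state entry cannot be passed by `keep state` no matter how the pass rules are written.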