Old 06-16-2005, 06:01 AM   #1
PF - design/configure firewall for network using ADSL connection -- please help me

I have some problems building my firewall on OpenBSD 3.7.
Here is my network diagram:

{Internet}------{ADSL modem}----{openbsd-gateway}-----{localnetwork}---{win2k3}

ip: Dynamic IP
type: ADSL connection

---modem ADSL---

---openbsd-gateway---
+ interface
- xl0: connects to the ADSL modem, ip:
- xl1: connects to the local network, ip:
+ service:
- DHCP for the local network
- Web server for the local network
- DNS for the local network with domain abc.ex
- LDAP for the local network
- Mail server for the local network; also the mail gateway for domain abc.ex to the outside Internet
- Squid proxy

---win2k3---
+ interface
+ service
- Active Directory
- File server

- allow all traffic only within the local network
- work well with win2k3 when joining domain xyz.ex
- all requests from the local network to the Internet, such as web and ftp, must be checked at the Squid proxy server.

--openbsd gateway--
- allow all requests to the web server, mail server (POP3S, IMAPS), LDAP, Squid, .... running on the openbsd-gateway server.
- transparently allow all requests from the local network to the win2k3 server running DNS for "xyz.ex"
- allow VIP1 users with IP addresses {,} to use FTP
- allow VIP2 users to connect to all ports from inside to outside without restriction.
- Redirect all requests from the local network to the Internet to port 8080, where the Squid proxy is listening.
- Deny all requests for services from the local network to the Internet such as online games, Xmule, BitTorrent, POP (users use the local mail server), FTP .... generally speaking, deny all traffic that users inside do not need.
- Deny all port-scanning programs, injection and exploits from inside.
- NAT all allowed traffic from the inside to the outside network
- Log all exploit attempts from inside

- deny all dangerous traffic from the Internet to the inside network
- prevent all exploit attempts from the outside Internet.
- Log all exploit attempts from outside

These are the firewall/gateway requirements that I want to configure for my local network. I am really confused about PF. Please help me.
Thank you very much.
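A pf.conf that implements the requirement list above, written here as an added example; it is not the poster's configuration and does not come from any reply in the thread. It uses the OpenBSD 3.7-era syntax (separate nat/rdr translation rules, explicit "keep state"); OpenBSD 4.7 and later replaced nat/rdr with "match ... nat-to/rdr-to" and made stateful filtering the default. The interface names xl0/xl1 come from the post; the win2k3, VIP1 and VIP2 addresses are assumed placeholders, because the post's addresses were stripped, and the port lists are assumptions about which services the poster runs.

```pf
# Added example pf.conf for the layout in the post (OpenBSD 3.7-era syntax).
# It is not the poster's file. Every address marked ASSUMED is a placeholder.

ext_if = "xl0"                      # towards the ADSL modem, dynamic address
int_if = "xl1"                      # towards the local network

# ASSUMED placeholders: the real addresses were stripped from the post
win2k3 = "192.168.1.10"
vip1   = "{ 192.168.1.20, 192.168.1.21 }"
vip2   = "192.168.1.30"

# Gateway services the LAN may use: ssh, smtp, dns, http, ldap, ldaps, imaps, pop3s, squid (ASSUMED list)
gw_lan_tcp = "{ 22, 25, 53, 80, 389, 636, 993, 995, 8080 }"
# Gateway services exposed to the Internet: only SMTP, as mail gateway for abc.ex
gw_ext_tcp = "{ 25 }"
# The only thing ordinary users may reach directly: HTTPS, which pf cannot hand to Squid
user_direct_tcp = "{ 443 }"

set block-policy drop               # silently drop, do not answer with RST/unreachable
set loginterface $ext_if
set skip on lo0

scrub in all                        # normalise fragments and odd TCP flag combinations

# Translation rules are evaluated before filter rules.
# NAT every outbound LAN connection to whatever address the ADSL link has right now.
nat on $ext_if from $int_if:network to any -> ($ext_if)
# Transparent proxy: LAN web requests not aimed at the gateway itself go to Squid on 8080.
rdr on $int_if proto tcp from $int_if:network to !$int_if port 80 -> 127.0.0.1 port 8080

# Default deny, logged, in both directions; everything below punches holes in it.
block in log all
block out log all
antispoof log quick for $int_if

### Internet side (xl0)
pass in  on $ext_if proto tcp from any to ($ext_if) port $gw_ext_tcp flags S/SA keep state
# Outbound on xl0 carries both NATed LAN traffic and the gateway's own mail/DNS/Squid fetches;
# the per-user restrictions are enforced on xl1 below, where the original source is still visible.
pass out on $ext_if from ($ext_if) to any keep state

### LAN side (xl1)
# Services the gateway offers to the LAN
pass in on $int_if proto tcp from $int_if:network to $int_if port $gw_lan_tcp flags S/SA keep state
pass in on $int_if proto udp from $int_if:network to $int_if port 53 keep state
pass in on $int_if proto udp from any port 68 to any port 67          # DHCP discover/request
pass in on $int_if inet proto icmp from $int_if:network to $int_if icmp-type echoreq keep state
# Web requests already rewritten by the rdr rule above
pass in on $int_if proto tcp from $int_if:network to 127.0.0.1 port 8080 flags S/SA keep state

# VIP1: direct FTP. Passive mode works with state alone; active mode needs ftp-proxy(8).
pass in on $int_if proto tcp from $vip1 to any port 21 flags S/SA keep state
# VIP2: no restriction
pass in on $int_if from $vip2 to any keep state
# Everyone else: only what Squid cannot carry
pass in on $int_if proto tcp from $int_if:network to any port $user_direct_tcp flags S/SA keep state

# Anything else the LAN tries to send outside (games, P2P, remote POP, FTP, port scans) hits
# "block in log" above. Traffic between LAN hosts and $win2k3 (AD, DNS for xyz.ex, file shares)
# never crosses this box, so no rule is needed for it here.
pass out on $int_if keep state       # gateway replies, DHCP offers, DNS forwarding to $win2k3
```

Check the syntax with "pfctl -nf /etc/pf.conf" before loading it with "pfctl -f /etc/pf.conf" and enabling pf with "pfctl -e"; dropped packets can be watched with "tcpdump -n -e -ttt -i pflog0". Two caveats a practitioner should keep in mind: pf has no notion of an "exploit", so the best this file can do for the "deny exploits" requirements is default-deny in both directions and log what it drops; and the rdr rule only intercepts port 80, so Squid must be configured for transparent interception on its side, and HTTPS either passes directly (as here) or is closed once the browsers are set to use the proxy explicitly.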
Old 06-20-2005, 05:06 AM   #2
Original Poster
Please help me. I am waiting for your help.
Old 06-21-2005, 09:38 PM   #3
I know quite a lot about firewalling with OpenBSD, but no one wants to write a complex file for you. Do a

>man pf.conf

There is a very detailed description of rule configuration, including sections and examples. I am working now, but perhaps I can give you a rudimentary copy to begin with.

I would suggest opening up entirely, starting to ping, and going from there. Experiment, then ping ....
Old 06-22-2005, 12:27 AM   #4
Original Poster
Thank you very much.
I am always waiting for your help, your guidance and your suggestions.
However, if your guide matches my purpose, many thanks.
I also read the Absolute OpenBSD book and I think it will help me more, along with your help.

