NetBSD-Users archive
Re: PF configuration for munin
Hi,
Sorry first.
Because it was not enough to set up, I could telnet to munin.
I wrote in /usr/pkg/etc/munin/munin-node.conf:
allow ^192\.168\.0\..*
Now I can telnet.
That's OK.
Sorry. orz
2012/1/24 Ian Clark <mrrooster%gmail.com@localhost>:
> Do you have any rules after this that would be blocking the traffic?
>
> You could try adding the 'quick' keyword to the rule, which will stop
> any further rules being processed if the rule matches...
>
> pass in quick on.....
I don't write anything after this rule.
So I wrote:
ext_if = "pcn0"
lo_if = "lo0"
tcp_services = "{ ssh, www, smtp, domain, munin, netbios-ssn, microsoft-ds }"
udp_services = "{ domain, netbios-ns, netbios-dgm }"
priv_nets = "{ 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
localhost="127.0.0.1"
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in quick on $ext_if inet proto udp from any to ($ext_if) port $udp_services
However, nmap does not appear again.
Starting Nmap 5.21 ( http://nmap.org ) at 2012-01-28 23:47 JST
Nmap scan report for mogu (192.168.0.23)
Host is up (0.00041s latency).
rDNS record for 192.168.0.23: mogu.area51.gr.jp
Not shown: 996 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:67:4E:FB (VMware)
Nmap done: 1 IP address (1 host up) scanned in 13.19 seconds
It does not appear in nmap, but I can telnet.
Is the thing about nmap nothing to worry about?
Hmmm...
--
miwa