NetBSD-Users archive


Re: Help npf, only one port opened, but several expected.



luisvmendes%yandex.com@localhost (Luis Mendes) writes:

>Maybe I didn't explain correctly.
>What I meant is that albeit I had several ports that should be open, by
>the rules, only one was detected by a massive scan.
>The "should be" is in my understanding only.

Yes. Just saying that a rule with multiple ports or port ranges works
for me.


>|          # allow known IPSEC traffic
>|          pass out final proto udp from $ext_v4 \
>|                  port isakmp to $ipsec_peers port isakmp
>|          pass in final proto udp from $ipsec_peers \
>|                  port isakmp to $ext_v4 port isakmp
>|          pass out final proto esp from $ext_v4 to $ipsec_peers
>|          pass in final proto esp from $ipsec_peers to $ext_v4

>Regarding the $ipsec_peers, I don't have that information.
>Maybe have to use 'any'.

This is just copy and paste from my configuration. For "road warrior"
settings with arbitrary IPs, this needs to be 'any'.



