|
Lines 718-725
Link Here
|
| 718 |
running <application>PF</application> to act as a gateway |
718 |
running <application>PF</application> to act as a gateway |
| 719 |
for at least one other machine. The gateway needs at least |
719 |
for at least one other machine. The gateway needs at least |
| 720 |
two network interfaces, each connected to a separate |
720 |
two network interfaces, each connected to a separate |
| 721 |
network. In this example, <filename>xl1</filename> is |
721 |
network. In this example, <filename>xl0</filename> is |
| 722 |
connected to the Internet and <filename>xl0</filename> is |
722 |
connected to the Internet and <filename>xl1</filename> is |
| 723 |
connected to the internal network.</para> |
723 |
connected to the internal network.</para> |
| 724 |
|
724 |
|
| 725 |
<para>First, enable the gateway in order to let the machine |
725 |
<para>First, enable the gateway in order to let the machine |
|
Lines 744-752
Link Here
|
| 744 |
|
744 |
|
| 745 |
<para>Next, create the <application>PF</application> rules to |
745 |
<para>Next, create the <application>PF</application> rules to |
| 746 |
allow the gateway to pass traffic. While the following rule |
746 |
allow the gateway to pass traffic. While the following rule |
| 747 |
allows stateful traffic to pass from the Internet to hosts |
747 |
allows stateful traffic from hosts of the internal network |
| 748 |
on the network, the <literal>to</literal> keyword does not |
748 |
to pass to the gateway, the <literal>to</literal> keyword |
| 749 |
guarantee passage all the way from source to |
749 |
does not guarantee passage all the way from source to |
| 750 |
destination:</para> |
750 |
destination:</para> |
| 751 |
|
751 |
|
| 752 |
<programlisting>pass in on xl1 from xl1:network to xl0:network port $ports keep state</programlisting> |
752 |
<programlisting>pass in on xl1 from xl1:network to xl0:network port $ports keep state</programlisting> |