Configure pf Firewall: Difference between revisions

imported>Jacob
No edit summary
imported>Jacob
mNo edit summary
Line 1: Line 1:
The philosophy we will use for the fire wall is that we split in 2 or 4 paths depending on the traffic initiated outside or inside.
The philosophy we will use for the fire wall is that we split in 2 or 4 steps depending on if the traffic initiated outside WAN or RED side or the inside LAN or GREEN.<br>
We als split the config in tcp and udp traffic for efficiency reasons see: NOTE link needed here to article or book.<br>
First of all we have an "blabla" IP-range on the LAN side. So we will need to use NAT to be able to communicate from the LAN to the WAN. 
Traffic initiated on the LAN will be send to the WAN destination using NAT. NAT will pickup the return traffic and translate it the the correct LAN host.
That also mean we have only one public available IP address to which all traffic initiated on the WAN wil be send.That means we need to redirect that traffic to the right host.<br>
 
 
We also split the config in tcp and udp traffic for efficiency reasons see: NOTE link needed here to article or book.<br>
<br>
<br>
* [[pf.conf file]]
* [[pf.conf file]]
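
Review bot: the new revision still carries two unresolved placeholders, the LAN range given as "blabla" and the tcp/udp efficiency sentence ending in "NOTE link needed here to article or book". Fill in the actual range and cite the source, or drop the efficiency claim until it can be supported. The added NAT lines also contain "the the correct LAN host" and "wil be send.That", which should be fixed before the revision is saved.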

Revision as of 20:28, 4 June 2019

The philosophy we will use for the firewall is to split the rules into 2 or 4 steps, depending on whether the traffic is initiated outside (the WAN or RED side) or inside (the LAN or GREEN side).
First of all, we have a "blabla" IP range on the LAN side, so we need NAT to communicate from the LAN to the WAN. Traffic initiated on the LAN is sent to its WAN destination using NAT. NAT picks up the return traffic and translates it to the correct LAN host. It also means we have only one publicly available IP address, to which all traffic initiated on the WAN is sent, so we need to redirect that traffic to the right host.


We also split the config into TCP and UDP traffic for efficiency reasons; see: NOTE link needed here to article or book.
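
The layout described above, written as a pf ruleset. This is an added example, not the wiki's own pf.conf; it assumes OpenBSD pf syntax (`nat-to`, `rdr-to`), and the interface names, addresses, hosts and ports are constructed.

```pf
# Added example (OpenBSD pf syntax assumed). All macros below are constructed values.
ext_if   = "em0"              # WAN / RED interface (assumed name)
int_if   = "em1"              # LAN / GREEN interface (assumed name)
lan_net  = "192.168.1.0/24"   # stands in for the page's "blabla" LAN range
web_host = "192.168.1.10"     # hypothetical LAN host reached via redirect (TCP)
vpn_host = "192.168.1.20"     # hypothetical LAN host reached via redirect (UDP)
tcp_out  = "{ 80, 443 }"      # TCP ports LAN clients may reach on the WAN
udp_out  = "{ 53, 123 }"      # UDP ports LAN clients may reach on the WAN

set skip on lo
block log all                 # default deny; pass rules keep state for replies

# NAT: LAN sources are rewritten to the single public address when leaving
# the WAN interface. Return traffic is translated back via the state entry.
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# ---------- TCP ----------
# Initiated on LAN (GREEN): in on the LAN interface, then out on the WAN.
pass in  on $int_if inet proto tcp from $lan_net to any port $tcp_out
pass out on $ext_if inet proto tcp to any port $tcp_out
# Initiated on WAN (RED): in on the WAN with a redirect, then out on the LAN.
pass in  on $ext_if inet proto tcp to ($ext_if) port 443 rdr-to $web_host
pass out on $int_if inet proto tcp to $web_host port 443

# ---------- UDP ----------
# Initiated on LAN (GREEN).
pass in  on $int_if inet proto udp from $lan_net to any port $udp_out
pass out on $ext_if inet proto udp to any port $udp_out
# Initiated on WAN (RED).
pass in  on $ext_if inet proto udp to ($ext_if) port 1194 rdr-to $vpn_host
pass out on $int_if inet proto udp to $vpn_host port 1194
```

With `block log all` as the first filter rule, any flow not listed in one of the four groups per protocol is dropped and logged. The file can be syntax-checked without loading it using `pfctl -nf`.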