PF configuration error

[codo]

I can dial to my ISP using ppp ddial command, and i can ping my OBSD server from and to my win2000 client, but when i tried to ping

http://www.yahoo.com

from the OBSD server it goes fail.
my network card is Realtek PCI and been identified as ne3 and my modem identified as tun0. I'm using dial up connection to my ISP.

this is my pf.conf that i copied from the pf manual.

# macros
int_if = "ne3"
ext_if = "ep0"

tcp_services = "{ 22, 113 }"
icmp_types = "echoreq"

priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# filter rules
block all

pass quick on lo0 all

block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state



When i run the pf.conf using pfctl -f command i got this message:
1."cannot resolve ne3:network: temporary fail in name resolution "
(this error in every line that consist of $int_if variable)
2."pfctl:syntax error in fle: pf rules not load"

can somebody tell me what's wrong with my pf configuration?
thank's

 

[codo]

I also can ping my ISP but when i tried to ping another site it tooks forever for the reply. What is the setting for my XP Client and IE connection so i can connect to the internet? THx.

 

[OpenBsdRulez]

First off all my networkcard also realtek and named rl0 but that might not slove your problem.

Have you filed in a gateway:

/etc/mygate

You should be able to get this ip from your ISP from there you are routed through the internet

As for the firewall rulez i can only give you mine, Because someone maid these rules for me and I never bothered to investigate them properly. I will have to soon because I want to know how to make queing with the pf.conf possible.
Matbe someone know's howto?

#/etc/pf.conf OpenBSD

#declarations
EXTIF="rl0"
INTIF="rl1"
LOCALIF="lo0"
LAN="192.168.0.0/24"
NO_ROUTE="{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

#section options
set loginterface $EXTIF
set limit { states 10000, frags 10000 }
set optimization normal

#section scrub
scrub in all

#section NAT
nat on $EXTIF from 192.168.0.0/24 to any -> $EXTIF

#section filter
block log all
pass on $LOCALIF all

antispoof log quick for $INTIF
pass in on $INTIF inet proto icmp from $LAN to any keep state
pass in on $INTIF inet proto udp from $LAN to any keep state
pass in on $INTIF inet proto tcp from $LAN to any modulate state
pass out on $INTIF inet proto icmp from any to $LAN keep state
pass out on $INTIF inet proto udp from any to $LAN keep state
pass out on $INTIF inet proto tcp from any to $LAN modulate state

antispoof log quick for $EXTIF
block in log quick on $EXTIF inet from $NO_ROUTE to any
block return-rst in log quick on $EXTIF proto tcp from any to any port 113
pass in on $EXTIF inet proto icmp all keep state
pass in on $EXTIF inet proto tcp from any to any port 22 flags S/SA modulate state
pass in on $EXTIF inet proto tcp from any to any port 80 flags S/SA modulate state
pass in on $EXTIF inet proto tcp from any to any port 443 flags S/SA modulate state
block out log quick on $EXTIF inet from any to $NO_ROUTE
pass out on $EXTIF inet proto icmp all keep state
pass out on $EXTIF inet proto udp all keep state
pass out on $EXTIF inet proto tcp all modulate state

 

[OpenBsdRulez]

ohyeah and what is your dns-config in /etc/resolv.conf

try pinging an ip instead of an unresolved adres