Hello, I have a small office that I'm expanding my IT for, and the off-the-shelf Netgear router I had just wasn't flexible enough. Especially after it died! :-)
After reading up, and talking to some technical folks, I decided it was time to upgrade to a FreeBSD PF firewall. With a bit of reading & trial and error, I've now managed to get a simple firewall running, including basic NAT stuff. Pretty powerful, it looks like!

But now, I'm really stuck at understanding the more advanced NAT & binat for directing traffic to/from specific servers, etc. Here's what I want to do; I'm hoping someone here might be able to help?

I have a "/29 block" of static IP addresses (X.X.X.104 to X.X.X.111) provided by my ISP. The "main" address is X.X.X.110. Right now, all my internet traffic appears as if it's coming to & from that address.

In my office I have three machines that I want to have communicate to & from one of the other IPs, X.X.X.109. Those machines are using the internal NAT addresses of 192.168.1.10, 192.168.1.11 & 192.168.1.12.

To do this, I think I need both nat & binat, and from what I understand, I should add the following to my "pf.conf" file --

    wanIF = "tun0"
    lanIF = "sis0"
    wanIP_1 = "X.X.X.110"
    wanIP_2 = "X.X.X.109"
    server_1 = "192.168.1.10"
    server_2 = "192.168.1.11"
    server_3 = "192.168.1.12"

    binat on $wanIF from $server_1 to any -> $wanIP_2
    binat on $wanIF from $server_2 to any -> $wanIP_2
    binat on $wanIF from $server_3 to any -> $wanIP_2

    nat on $wanIF from $server_1 to any -> $wanIP_2
    nat on $wanIF from $server_2 to any -> $wanIP_2
    nat on $wanIF from $server_3 to any -> $wanIP_2

But the thing that confuses me is that BINAT is supposedly "1:1 mapping", and I'm worried that using all three binat lines is going to cause some sort of collision or confusion.

My head's spinning from reading up on this. I've managed to get more confused from all the examples, and I'm just not sure how to go about this. Any helpful suggestions would be appreciated a lot!

Thanks a lot,
JC

freebsd-pf mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
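
Added example, not part of the original post and not taken from the FreeBSD project: one way to lay out the translation rules for three hosts sharing X.X.X.109, using nat for outbound traffic and per-port rdr for inbound, with binat shown only as the one-host-per-address alternative. The published services and ports, the filter rules, and the spare address X.X.X.108 are assumptions made for illustration.

```conf
# Macros from the post; addresses stay masked as in the original.
wanIF    = "tun0"
lanIF    = "sis0"
wanIP_1  = "X.X.X.110"
wanIP_2  = "X.X.X.109"
server_1 = "192.168.1.10"
server_2 = "192.168.1.11"
server_3 = "192.168.1.12"

# --- Many-to-one: three hosts share X.X.X.109 -------------------------
# Outbound: plain nat is enough. nat rules are first-match, so the
# specific rule goes before the catch-all for the rest of the LAN.
nat on $wanIF from { $server_1, $server_2, $server_3 } to any -> $wanIP_2
nat on $wanIF from $lanIF:network to any -> $wanIP_1

# Inbound: one external address cannot be mapped back to three hosts
# wholesale, so publish only the services needed, one rdr per port.
# ASSUMPTION: the services and ports below are illustrative only.
rdr on $wanIF proto tcp from any to $wanIP_2 port 80 -> $server_1 port 80
rdr on $wanIF proto tcp from any to $wanIP_2 port 25 -> $server_2 port 25

# --- One-to-one alternative --------------------------------------------
# binat maps exactly one internal host to one external address in both
# directions, so each host would need its own address from the /29.
# ASSUMPTION: X.X.X.108 is a hypothetical spare address.
# binat on $wanIF from $server_1 to any -> "X.X.X.108"

# --- Filtering -----------------------------------------------------------
# Translation happens before filtering, so inbound filter rules match the
# internal (translated) destination. Allow only what is published above.
block in on $wanIF
pass in on $wanIF proto tcp from any to $server_1 port 80 flags S/SA keep state
pass in on $wanIF proto tcp from any to $server_2 port 25 flags S/SA keep state
pass out on $wanIF keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf` once real addresses replace the masked ones. With binat, every port on the internal host becomes reachable through its external address unless the filter rules restrict it, so the block-by-default inbound policy matters even more in that layout.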
