No, I don't need any port of that machine to be exposed to the Internet, only a certain range.

I tried the following:

------
nat on $ext_if from $int_if:network to any -> $ext_if
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr pass on $ext_if proto tcp from any to any port 8000 -> $cam1 port 80
rdr pass on $int_if proto tcp from $cam1 to any -> $ext_if
------

I do get access to the internal ($cam1) port 80 but no response back from the other ports this machine is using! It's like a one-way communication!

If you say that I "will need to alias another ip to your obsd box and binat traffic destined to that address", do you mean a public IP address?

Thanks

On Sunday 15 May 2005 00:05, Abraham Al-Saleh wrote:
> Do you need every port on the mail server to be exposed to the internet?
> That's how I originally interpreted your question. If you only need mail
> server ports, then use the rdr statement, which you can again read about in
> the pf.conf man page. Otherwise, you will need to alias another ip to your
> obsd box and binat traffic destined to that address to your mail server.
>
> On 5/14/05, GV <[EMAIL PROTECTED]> wrote:
> > Thanks for your prompt reply.
> >
> > I do agree with you, but when reading the manual concerning binat it says:
> >
> > ----
> > ..Connections from the Internet to the external address will be translated to
> > the internal address..
> > ----
> >
> > which means that ANY connection from the Internet will be
> > translated/redirected to this specific server, which actually discharges
> > my whole LAN?
> >
> > To be more specific, I first tried the following configuration:
> >
> > ----------
> > binat on $ext_if from $cam1 to any -> $ext_if
> > nat on $ext_if from $int_if:network to any -> $ext_if
> > ----------
> >
> > and couldn't ssh to my server any more because my connection was automatically
> > redirected to port 22 of the internal machine, where no sshd was
> > running!!!!!!!
> >
> > I think that I misunderstood binat but couldn't find any detailed docs or
> > examples of how to use it. If you have time, could you provide me some
> > directions on this?
> >
> > Thanks for your support
> >
> > George
> >
> > On Saturday 14 May 2005 23:46, Abraham Al-Saleh wrote:
> > > Use binat.
> > >
> > > From man (5) pf.conf:
> > >
> > > "binat
> > > A binat rule specifies a bidirectional mapping between an external
> > > IP netblock and an internal IP netblock."
> > >
> > > Read the pf.conf manual page for more information.
> > >
> > > On 5/14/05, GV <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > >
> > > > I have a situation where an internal (located in a LAN and behind an
> > > > OpenBSD firewall/NAT) has to be fully exposed to the Internet! What's the
> > > > best way to achieve that?
> > > >
> > > > Thanks
> > > >
> > > > George
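The two approaches discussed in this thread (binat to a dedicated alias address for full exposure, rdr for a few specific ports), written out as an added example pf.conf in the OpenBSD 3.x nat/rdr/binat syntax the thread uses. This is not configuration from the thread or from the OpenBSD project; the interface names, the 192.168.1.10 and 203.0.113.10 addresses and the `$cam1_pub` alias are constructed placeholders. It also shows why the first attempt (binat to `$ext_if` itself) hijacked the firewall's own sshd, and that translation rules never admit traffic by themselves:

```pf
# Added example, not from the thread. OpenBSD 3.x-era pf.conf syntax.
# Interface names and addresses are constructed placeholders.
ext_if="xl0"               # assumption: external interface
int_if="xl1"               # assumption: LAN interface
cam1="192.168.1.10"        # the internal host (constructed address)
cam1_pub="203.0.113.10"    # assumption: a SECOND public address aliased onto $ext_if, e.g.
                           #   ifconfig xl0 alias 203.0.113.10 netmask 255.255.255.255
                           # (put the alias in /etc/hostname.xl0 so it survives a reboot)

# ---- Translation rules (in 3.x pf.conf these come before filter rules) ----

# Ordinary outbound NAT for the LAN; ($ext_if) tracks the interface's primary address.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Option A: full exposure with binat, mapped to the ALIAS, never to the firewall's own
# address. "binat ... -> $ext_if" maps the primary address, so every inbound connection
# meant for the firewall itself (its sshd on port 22 included) lands on $cam1 instead.
binat on $ext_if from $cam1 to any -> $cam1_pub

# Option B: expose only the ports actually needed ("only a certain range") with rdr.
# Use this INSTEAD of Option A when the host does not have to be fully reachable.
# rdr on $ext_if proto tcp from any to ($ext_if) port 8000 -> $cam1 port 80

# ---- Filter rules: translation alone does not admit traffic ----
# pf rewrites the destination first and then filters the packet against its NEW
# (internal) address, so a pass rule naming $cam1 is still required.
block in log on $ext_if
block in log on $int_if

# The firewall's own sshd stays reachable on the primary address (this is what
# binat-to-an-alias preserves and binat-to-$ext_if broke).
pass in on $ext_if proto tcp from any to ($ext_if) port 22 flags S/SA keep state

# Option A: even though binat maps the whole address, only admit the services that
# really run on $cam1 (here HTTP and HTTPS); everything else on it stays blocked.
pass in on $ext_if proto tcp from any to $cam1 port { 80, 443 } flags S/SA keep state

# Option B uses the same kind of pass rule, because the rdr has already rewritten
# the destination to $cam1 by the time the filter sees the packet:
# pass in on $ext_if proto tcp from any to $cam1 port 80 flags S/SA keep state

# LAN clients (and $cam1) may initiate outbound connections; state handles the
# return traffic, which is why no "from $cam1 to any -> $ext_if" rdr is needed.
pass in on $int_if from $int_if:network to any keep state
pass out on $ext_if keep state
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without activating it; after `pfctl -f /etc/pf.conf`, `pfctl -s nat` lists the translation rules as pf understood them and `pfctl -s state` shows whether a connection to the alias address actually produced a state entry for `$cam1`. The logged blocks (`block in log`) are the place to look when a port "does not answer": with tcpdump on pflog0 a connection that was translated but not passed shows up there rather than disappearing silently.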

