Can anybody point me to a sample pf.conf file that would cover the following scenario? My old rules from ipfilter and ipnat don't seem to be working.

I have an OpenBSD box as a firewall/router between the outside and a single PC on the inside hosting two web sites on different addresses and ports. The way it was working with ipf (and the way I would like it to continue working, so I don't have to change my httpd.conf file -- not wanting to break more than one thing at a time) is that incoming requests to foo.com:80 were redirected to 192.168.0.1:8080 and those to bar.com:80 were redirected to 192.168.0.2:8090. This has worked fine for me with ipf. And all outgoing connections from inside were given the same IP address, that of the external interface on the gateway.

Is what I describe an application of binat? I'm confused about what binat is for but am wondering if binat is what I need since the old ipf rules aren't working.

The documentation online is frustrating -- a lot of it has been written before the integration of pf.conf and nat.conf, apparently; there is exactly one example of binat in the pf.conf man page, and it is a pretty unenlightening example; also, NAT is covered after filtering in the man page, when in fact one needs to understand and configure NAT in pf.conf *before* the filtering configuration, if both are used; the HOWTO doesn't mention binat, and says this is how to load the rule set:

    pfctl -R /etc/pf.conf

What that line does is load the filtering rules, and ignore the NAT rules -- but the HOWTO doesn't say that. Then again, I am confused, so maybe I'm also wrong -- any corrections would be appreciated!

Sorry about the rant. I understand things are evolving and the documents need time to catch up, so my whining about the documents is not just meant as a complaint, but more to say yes, I have tried to read the fine manual. Hopefully the manuals will be even more fine soon.

So in the meantime is there anyone running a similar setup who would be willing to share the NAT part of your rule set? I've scoured the PF part of my rules pretty well and they seem OK.
Am happy to post them if that would help...
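
An added example, not part of the original post: the setup described above written with the standalone `rdr`/`nat` rule syntax of older pf releases, using `rdr` for the two inbound redirects and `nat` for outbound traffic (`binat` is a one-to-one bidirectional mapping and is not used here). The interface name and the 192.0.2.x external addresses are placeholders, and it assumes foo.com and bar.com resolve to two different external addresses and that pf reads translation and filter rules from one pf.conf.

```conf
# Added example; interface name and external addresses are placeholders.
ext_if   = "fxp0"            # hypothetical external interface
ext_addr = "192.0.2.1"       # placeholder: gateway's external address
foo_addr = "192.0.2.10"      # placeholder: address foo.com resolves to
bar_addr = "192.0.2.11"      # placeholder: address bar.com resolves to
int_net  = "192.168.0.0/24"  # assumed inside network

# Translation rules go before the filter rules in the file.

# Outbound: every inside host leaves with the gateway's external address.
nat on $ext_if from $int_net to any -> $ext_addr

# Inbound: rdr matches on destination IP and port, not on the HTTP host
# name, so each site needs its own external address (assumed here).
rdr on $ext_if proto tcp from any to $foo_addr port 80 -> 192.168.0.1 port 8080
rdr on $ext_if proto tcp from any to $bar_addr port 80 -> 192.168.0.2 port 8090

# Filter rules see a packet after rdr has rewritten its destination, so the
# pass rules must name the inside address and port, not the public ones.
block in on $ext_if all
pass in on $ext_if proto tcp from any to 192.168.0.1 port 8080 flags S/SA keep state
pass in on $ext_if proto tcp from any to 192.168.0.2 port 8090 flags S/SA keep state
pass out on $ext_if all keep state
```

Assuming a pfctl that accepts these flags, `pfctl -nf /etc/pf.conf` parses the file without loading it, `pfctl -f /etc/pf.conf` loads the whole rule set, and `pfctl -s nat` lists the translation rules that were actually loaded.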
