I use the following pf.conf for NAT/firewalling on a dual-homed -current box:
ext_if="ep0"
internal_net="192.168.0.0/24"
external_addr="10.0.0.100"
webserver="192.168.0.225"
# ambiguities.
scrub in all
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to $external_addr port 80 -> 192.168.0.200 port 80
# filter rules: the implicit first two rules are
pass in all
pass out all
block in log all
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in on $ext_if proto tcp from any to $ext_if/32 port 80 keep state
pass out on $ext_if proto { tcp, udp } all keep state
pass in from 192.168.0.0/24 to any
NAT works fine, but I never managed to forward traffic from outside to
the internal 192.168.0.225 webserver. What am I doing wrong here?