Hi, I have been trying to configure pf the right way for hours now and I will soon go crazy. I have a router/firewall (192.168.0.1) and a second computer (192.168.0.20) in my LAN (192.168.0.0/25). The router is connected to the Internet with ADSL (tun0).

An eMule client runs on the computer. Now I want to configure PF so that the outside world thinks my eMule client is connected directly to my ISP. First everything is blocked in pf.conf. For this purpose I have created this config part:

    nat on tun0 inet from 192.168.0.0/25 to any -> (tun0)
    rdr pass on tun0 inet proto tcp from ! 192.168.0.0/25 to (tun0) port = 4661 -> 192.168.0.20
    rdr pass on tun0 inet proto tcp from ! 192.168.0.0/25 to (tun0) port = 4662 -> 192.168.0.20
    rdr pass on tun0 inet proto udp from ! 192.168.0.0/25 to (tun0) port = 4665 -> 192.168.0.20
    rdr pass on tun0 inet proto udp from ! 192.168.0.0/25 to (tun0) port = 4672 -> 192.168.0.20
    block return log on tun0 all
    block drop in log quick on tun0 inet from 127.0.0.0/8 to any
    block drop in log quick on tun0 inet from 192.168.0.0/16 to any
    block drop in log quick on tun0 inet from 172.16.0.0/12 to any
    block drop in log quick on tun0 inet from 10.0.0.0/8 to any
    block drop in log quick on tun0 inet from 255.255.255.255 to any
    block drop in log quick on tun0 inet from any to 127.0.0.0/8
    block drop in log quick on tun0 inet from any to 172.16.0.0/12
    block drop in log quick on tun0 inet from any to 10.0.0.0/8
    block drop in log quick on tun0 inet from any to 255.255.255.255
    block drop out log quick on tun0 inet from any to 127.0.0.0/8
    block drop out log quick on tun0 inet from any to 192.168.0.0/16
    block drop out log quick on tun0 inet from any to 172.16.0.0/12
    block drop out log quick on tun0 inet from any to 10.0.0.0/8
    block drop out log quick on tun0 inet from any to 255.255.255.255
    block drop out log quick on tun0 inet from 127.0.0.0/8 to any
    block drop out log quick on tun0 inet from 172.16.0.0/12 to any
    block drop out log quick on tun0 inet from 10.0.0.0/8 to any
    block drop out log quick on tun0 inet from 255.255.255.255 to any
    pass in on ne1 inet from 192.168.0.0/25 to ! 192.168.0.0/25 keep state
    pass out on tun0 proto tcp all flags S/SA modulate state
    pass out on tun0 proto udp all keep state

At the moment other guys download from me and I can also download, but very badly. The problem is that I cannot connect to most eMule servers. I think there are only two or three servers which I can connect to, with a low id. A low id instead of a high id means that the server knows that my configuration uses NAT and the client is not directly connected. To the other hundred servers or so my client gets no connection. Can you help me and tell me what is wrong with my config? I think I have the rules you can read in all the FAQs but it doesn't do the job... Markus
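As an added illustration (not part of Markus's post or of pf itself), the following Python model walks a packet through the posted tun0 rules with pf's matching order: the last matching rule wins unless a matching rule is "quick", and packets matched by an "rdr pass" rule skip the filter rules entirely. It simplifies by treating "(tun0)" as any destination and by ignoring ne1; the addresses in the sample packets are constructed documentation prefixes.

```python
import ipaddress

LAN = "192.168.0.0/25"
BOGONS = ["127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8", "255.255.255.255/32"]

def net(s):
    return None if s == "any" else ipaddress.ip_network(s)

def rule(action, direction=None, quick=False, proto=None, src="any", dst="any", dport=None, neg_src=False):
    # direction=None means the rule applies to both in and out, like "block ... all"
    return dict(action=action, dir=direction, quick=quick, proto=proto,
                src=net(src), dst=net(dst), dport=dport, neg_src=neg_src)

# The posted tun0 rules in their original order.  "rdr pass" is modelled as a quick pass-in
# rule on the forwarded port because packets matched by "rdr pass" skip the filter rules.
RULES = [rule("pass", "in", True, p, LAN, neg_src=True, dport=d)
         for p, d in [("tcp", 4661), ("tcp", 4662), ("udp", 4665), ("udp", 4672)]]
RULES.append(rule("block"))                                             # block return log on tun0 all
RULES += [rule("block", "in", True, src=b) for b in BOGONS]              # block drop in ... from <bogon>
RULES += [rule("block", "in", True, dst=b) for b in BOGONS if b != "192.168.0.0/16"]
RULES += [rule("block", "out", True, dst=b) for b in BOGONS]             # block drop out ... to <bogon>
RULES += [rule("block", "out", True, src=b) for b in BOGONS if b != "192.168.0.0/16"]
RULES += [rule("pass", "out", proto="tcp"), rule("pass", "out", proto="udp")]

def matches(r, p):
    if r["dir"] and r["dir"] != p["dir"] or r["proto"] and r["proto"] != p["proto"]:
        return False
    if r["src"] is not None and (p["src"] in r["src"]) == r["neg_src"]:
        return False  # "from ! net" matches exactly when the source lies outside net
    if r["dst"] is not None and p["dst"] not in r["dst"]:
        return False
    return r["dport"] is None or r["dport"] == p["dport"]

def verdict(p, rules=RULES):
    """pf semantics: the LAST matching rule wins, unless a matching rule is 'quick'."""
    result = "pass"  # pf's implicit default when no rule matches at all
    for r in rules:
        if matches(r, p):
            result = r["action"]
            if r["quick"]:
                break
    return result

def pkt(direction, proto, src, dst, dport=None):
    return dict(dir=direction, proto=proto, src=ipaddress.ip_address(src), dst=ipaddress.ip_address(dst), dport=dport)

if __name__ == "__main__":
    # Constructed sample traffic: 198.51.100.1 stands in for the tun0 address, 203.0.113.5 for a peer.
    print(verdict(pkt("in", "tcp", "203.0.113.5", "198.51.100.1", 4662)))   # pass: "rdr pass" port
    print(verdict(pkt("out", "tcp", "198.51.100.1", "203.0.113.5", 4661)))  # pass: last match wins over "block all"
```

Note that a packet from a private source address to a forwarded port is passed by the "rdr pass" rule before the anti-spoofing blocks are ever consulted; using plain "rdr" together with explicit pass rules keeps those blocks in the path.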
