Hi all,
New to OpenBSD and PF.
Trying to set up NAT for a 10.x.x.x/24 public 1.2.3.4
Below is my rule set for NAT only.
I am enabling PF for NAT only: pfctl -eN
However, it is not working.
I get no results with pfctl -s state
pfctl -s nat does show the rule set correctly.
tcpdump on the xl1 shows that the interface is receiving traffic ... what am I missing?
Thanks for any insight.
The ruleset is below:
# $OpenBSD: pf.conf,v 1.27 2004/03/02 20:13:55 cedric Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
#ext_if="ext0"
#int_if="int0"
#table <spamd> persist
#table <spamd-white> persist
#scrub in
#########################################################################################
#### NAT configuration LB 10/20/04
#### Only doing NAT no rdr or binat
#### Set the Macro definitions
## ext_if : Interface on which traffic is coming to NAT
## ext_ad : Public IPv4 address assigned to the firewall's external interface.
## priv_ad : Range of private IPv4 addresses assigned to host on [EMAIL PROTECTED] network
## nat_proto: Nated Protocols
ext_if = "xl1"
int_if = "xl0"
ext_ad = "158.x.x.0/x"
priv_ad = "10.0.0.0/24"
nat_proto = "{tcp, udp, icmp}"
#### Set the Rules for NAT - what we are NATing basically
nat pass on $ext_if inet proto $nat_proto from $priv_ad to any -> $ext_ad
#### end nat rules set and configuration section of Pf config.
########################################################################################
########################################################################################
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#rdr pass on $ext_if proto tcp from <spamd> to port smtp \
# -> 127.0.0.1 port spamd
#rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
# -> 127.0.0.1 port spamd
#block in
#pass out keep state
#pass quick on { lo $int_if }
#antispoof quick for { lo $int_if }
#pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
#pass in on $ext_if proto tcp to ($ext_if) port > 49151 user proxy keep state
#pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state
___________________
A. Lester Burke
Network Analyst
Arlington Public Schools, VA
V 703-228-6057
E [EMAIL PROTECTED]
"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
Ben Franklin
