> outside = "{ a.b.c.d }"
> special = "{ 10.23.145.10 }"
> internal = "{ 10.23.145.0/24, !10.23.145.10 }"
> nat on fxp0 from $internal to any -> $outside
> binat on fxp0 from $special to any -> $outside
>
> Meaning of this is that I do natting and portmapping on all
> normal connections, but only the host 10.23.145.10 should not be
> portmapped. Actually I wish it more specified: only source port 5555
> from $special should not be portmapped, the rest doesn't matter. Is
> such a thing possible, or should I stick to this?
> Bye,
Your first nat rule uses a list that will be expanded
to two nat rules - (a) for subnet 10.23.145.0/24 and (b) for
!10.23.145.10 - remember that nat/binat/rdr rules are first match
only - so (a) would simply catch everything and (b) wouldn't be
evaluated (unless you have IPs besides net 10.23.145.0/24).
As for binat - you can't specify ports with it - it's used for, i.e. 1:1
mappings, when you have more than one public ip, and want to route
traffic from/to some internal host using one of those ips.
I guess the following could work for you (** note I'm still relatively new
to pf, so I might be wrong **):
outside = "a.b.c.d"
special = "10.23.145.10"
lan = "10.23.145.0/24"
nat on fxp0 from $special port 5555 to any -> $outside static-port
nat on fxp0 from $lan to any -> $outside
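As an added illustration (not part of this thread and not pf's own code), here is a small Python model of pf's first-match nat evaluation. It expands the quoted `{ 10.23.145.0/24, !10.23.145.10 }` list into two rules in order, shows why the subnet rule catches the special host before the negated rule is ever reached, and shows how the reply's ordering with `static-port` keeps source port 5555 while everything else gets a rewritten port. The rule representation and the fixed ephemeral port value are constructed for the model.

```python
import ipaddress

# Constructed stand-in for the random high port pf picks when it portmaps.
EPHEMERAL_PORT = 50000


def expand_list(src_list):
    """Expand a pf source list like '{ a, !b }' into (negated, network) pairs, in order."""
    pairs = []
    for item in src_list.strip("{} ").split(","):
        item = item.strip()
        negated = item.startswith("!")
        pairs.append((negated, ipaddress.ip_network(item.lstrip("!"), strict=False)))
    return pairs


def make_rule(src_list, port=None, static_port=False):
    """One pf nat line; a list source becomes one expanded rule per list element."""
    return [{"neg": neg, "net": net, "port": port, "static_port": static_port}
            for neg, net in expand_list(src_list)]


def rule_matches(rule, src_ip, src_port):
    in_net = ipaddress.ip_address(src_ip) in rule["net"]
    if rule["neg"]:
        in_net = not in_net
    port_ok = rule["port"] is None or rule["port"] == src_port
    return in_net and port_ok


def translate(rules, src_ip, src_port):
    """First-match nat: return (index of matching rule, translated source port), or None."""
    for idx, rule in enumerate(rules):
        if rule_matches(rule, src_ip, src_port):
            return idx, (src_port if rule["static_port"] else EPHEMERAL_PORT)
    return None


# Original poster's ruleset: one nat line with a list, expanded to rule 0 (subnet)
# and rule 1 (!host). Rule 0 already matches 10.23.145.10, so rule 1 is dead.
ORIGINAL = make_rule("{ 10.23.145.0/24, !10.23.145.10 }")

# Reply's ruleset: the port-5555 static-port rule first, then the general lan rule.
FIXED = make_rule("10.23.145.10", port=5555, static_port=True) + make_rule("10.23.145.0/24")

if __name__ == "__main__":
    print("original, special host :5555 ->", translate(ORIGINAL, "10.23.145.10", 5555))
    print("fixed,    special host :5555 ->", translate(FIXED, "10.23.145.10", 5555))
    print("fixed,    special host :80   ->", translate(FIXED, "10.23.145.10", 80))
```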