If I understand you correctly, what you are asking for requires an
external IP for each of the internal servers. After that it is just a
matter of forwarding all ports from an external ip to an internal one,
applying firewall rules either on the gateway/router box or on the
internal server.
Andreas
On Sun, 2005-05-15 at 11:05 +0200, GV wrote:
> I apologize for the confusion but didn't realize that my question wasn't
> clear
> enough!
>
> Well, the whole story was to have a server in the LAN (actually a range of
> servers!) where only NAT and no firewall had to be enabled. Users from
> Internet should have full access to all the ports of these servers! Probably,
> from a design point of view, I had to create a separate LAN (an extra NIC on
> my OpenBSD box) and connect all these 'weird' machines to this subnet?
>
> In any case I would like to thank the people in the list who took the time to
> correct my faulty rdr rule in the pf.conf.
>
> George
>
> On Saturday 14 May 2005 23:42, Jason Dixon wrote:
> > On May 14, 2005, at 5:25 PM, GV wrote:
> > > Hi,
> > >
> > > I have a situation where an internal (located in a LAN and behind a
> > > OpenBSD
> > > firewall/NAT) has to be fully exposed to the Internet! What's the best
> > > way to
> > > acieve that?
> >
> > Sorry, your question makes no sense. What are you trying to "achieve"?
> > Are you asking about the filtering done on the firewall? Tightening
> > down the users and/or services on the server? Please don't make us
> > guess.
> >
> > --
> > Jason Dixon
> > DixonGroup Consulting
> > http://www.dixongroup.net
