So, if I understand correctly, you want all IP services on the internal machine exposed to some NAT'd IP? Keep in mind that if this machine is compromised, the entire internal network is then compromised.
Think about Mario's suggestion about transparent bridging. This way you can allow all access from outside into the target machine, but filter the traffic between the target machine and the rest of your network.



Internet ---- PF ---- target ---- PF bridge ---- private network

PF bridge could be same HW as that which PF runs on. Just need a couple NICs.


Reg

GV wrote:

Hi,

I have a situation where an internal (located in a LAN and behind an OpenBSD firewall/NAT) has to be fully exposed to the Internet! What's the best way to achieve that?

Thanks

George


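A pf.conf sketch of the layout Reg describes, added here as an example and not taken from anyone in the thread. It assumes current OpenBSD PF syntax, one box doing both jobs, an already configured bridge0 with members em2 and em3, and constructed interface names and addresses throughout.

```pf
# Constructed values: substitute your own interfaces and addresses.
ext_if  = "em0"              # Internet-facing, routed
tgt_if  = "em1"              # routed interface on the target's segment
br_tgt  = "em2"              # bridge0 member on the target's segment
br_lan  = "em3"              # bridge0 member facing the private network
target  = "192.168.1.10"     # the exposed machine
ext_ip  = "203.0.113.10"     # public address mapped 1:1 to the target
lan_net = "192.168.1.0/24"   # target and private network share this subnet

# Filter the bridge on one member only; the other is skipped.
set skip on { lo $br_tgt }

block log all

# --- Routed side: Internet <-> target --------------------------------
# Private hosts go out through ordinary NAT.
pass in  on $tgt_if from $lan_net to any
pass out on $ext_if from $lan_net to any nat-to ($ext_if)

# The target is fully exposed: bidirectional 1:1 mapping, all services.
# Last matching rule wins, so this overrides the nat-to rule above
# for the target's own outbound traffic.
pass     on $ext_if from $target to any binat-to $ext_ip
pass out on $tgt_if from any to $target

# --- Bridge side: target <-> private network -------------------------
# Private hosts may open connections outward (to the target or onward
# to the gateway); replies return on the state these rules create.
pass in on $br_lan from $lan_net to any

# Nothing on the target's segment may open a connection into the
# private network. "block log all" already covers this; the explicit
# rule documents the intent and logs attempts under its own rule number.
block out log on $br_lan from $target to $lan_net
```

With this in place a compromised target can answer connections the private hosts opened to it, but any new connection it attempts toward the private network is dropped and shows up on pflog0.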