Re: I want copy pf.conf from FreeBSD 8.2 to OpenBSD 5 and use it

Sun, 13 Nov 2011 04:41:20 -0800 

Thanks Dear Friends
I will fix it,  it is great,  I have only one mistake in my new pf.conf
About private and public IPs, you says true
Can I optimiz this pf.conf?
Thanks in advance
On Nov 13, 2011 2:36 PM, "David Walker" <davidianwal...@gmail.com> wrote:

> Hey.
>
> On 06/11/2011, Gholam Mostafa Faridi <mostafafar...@gmail.com> wrote:
> >
> > NAT1            = "10.10.10.194"
> >
> > paltalk1        = "{ 192.168.0.20, 192.168.0.21, 192.168.0.22 }"
> >
> > match out on egress inet from !(paltalk1) to any nat-to (NAT1)
> >
> > much different is in NAT rule , and other things is simillar old pf.
> >
> > I have 27 valid IPs or static IPs , and I have to put many lines in my
> > pf.conf
> >
> >
> > I want three invalid IPs  assigned to one Valid or static IP.  for
> example
> > if my valid IP is 10.10.10.1 , I need these IPs 192.168.0.1 ,
> > 192.168.0.2 , 192.168.0.3 assigned to 10.10.10.1
> >
> >
> > this is my net work digram
> > |
> >              |
> >              |
> > ------------|------------
> >       10.10.10.192/27
> >           external
> >
> >     OpenBSD pf firewall
> >
> >          internal
> >       192.168.168.0.1/24
> > ------------|------------
> >              |
> >              |
> >              |
> >
>
>
> http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+5.0#EXAMPLES
>
> Looking really quickly this is wrong:
> > match out on egress inet from !(paltalk1) to any nat-to (NAT1)
>
> ! == NOT
> $ == MACRO
>
> match out on egress inet from ($paltalk1) to any nat-to ($NAT1)
>
> BTW, they are public and private addresses, not valid and invalid.
> Static is something different again (does not change in contrast to
> dynamic, i.e. DHCP),
>
> > best wishes,
> > mfaridi
> >
>
> Action learning is an educational process whereby the participant
> studies their own actions and experience in order to improve
> performance. Learners acquire knowledge through actual actions and
> repetitions, rather than through traditional instruction.
>
> http://en.wikipedia.org/wiki/Action_learning
>
> To study and not think is a waste. To think and not study is dangerous.
>
> http://en.wikiquote.org/wiki/Confucius
>
> Best wishes.

Reply via email to