On 12/23/2005 05:22:28 AM, Kilaru Sambaiah wrote:
I have a question regarding pf and binat.

I need to protect mail server and web server behind firewall. I am planning to run
pf with binat rules. I need to do the following:

1) Allow only ssh to firewall
2) Allow 80, 443 from net to web server through binat
3) Allow 25 and 143 to mail server

I am ending with allowing 22, 25, 80, 143, 443 to firewall, mail server and webserver.

How to enable only required ports for binat instead of all?

You don't enable the ports for binat, you binat everything and
then enable the ports as you would any other sort of nat-ted
ports.  Nat-ting of any sort and filtering are separate
operations.  (You may find more help at pf@benzedrine.cx,
but I suggest you read the pf FAQ first.)

Karl <[EMAIL PROTECTED]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
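
The separation described in the reply, sketched as a pf.conf fragment for the three requirements in the question. This is an added example, not part of the original thread; the interface name and every address are placeholders, and the syntax assumes a pf release of that period, where `keep state` is written explicitly.

```pf
# Constructed example: interface name and all addresses are placeholders.
ext_if   = "fxp0"          # assumed external interface
fw_ext   = "192.0.2.1"     # firewall's own external address
web_ext  = "192.0.2.10"    # public address mapped to the web server
web_int  = "10.0.0.10"     # web server's internal address
mail_ext = "192.0.2.25"    # public address mapped to the mail server
mail_int = "10.0.0.25"     # mail server's internal address

# Translation: one-to-one mapping, every port and protocol.
# No port selection happens here.
binat on $ext_if from $web_int  to any -> $web_ext
binat on $ext_if from $mail_int to any -> $mail_ext

# Filtering: default deny inbound on the external interface,
# then open only the required ports per host.
block in log on $ext_if all

# Translation is applied before filtering, so inbound rules
# match the internal (post-binat) destination address.
pass in on $ext_if proto tcp from any to $fw_ext   port 22          flags S/SA keep state
pass in on $ext_if proto tcp from any to $web_int  port { 80, 443 } flags S/SA keep state
pass in on $ext_if proto tcp from any to $mail_int port { 25, 143 } flags S/SA keep state

# Outbound connections create state so their replies are let back in.
pass out on $ext_if all keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which is a quick check before applying changes on a remote firewall.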
