On 6/5/07, Bray Mailloux <[EMAIL PROTECTED]> wrote:
Misc Users;

I'm having NAT problems; could someone examine my pf file and make some
recommendations?


This is really incomplete.  What are you trying to accomplish?  What
works and what doesn't?  What are the interfaces for your internal,
dmz, and external networks (e.g. ifconfig output)?


PS: My pf.conf file
#Macros

# 192.168.0.1 subnet
ext_ip="64.142.102.8"
int_ip="192.168.0.1"
int_block="192.168.0.0/24"
#DMZ subnet
#Interface
dmz_ip="192.168.1.1"
#DNS 1
scarlett="192.168.1.2"
pub_scarlett="64.142.102.9"
#DNS 2
shelly="192.168.1.3"
pub_shelly="64.142.102.10"
#WWW 1
www_ip="192.168.1.4"
pub_www="64.142.102.11"
#Normalizing
#scrub in all
table <natclients> { $int_ip, !$scarlett, !$shelly, !$www_ip }

#NAT and Binat
nat on rl0 from $int_block to any -> $ext_ip
nat on rl0 from $scarlett to any -> $pub_scarlett
nat on rl0 from $shelly to any -> $pub_shelly
nat on rl0 from $www_ip to any -> $pub_www

#Default block policy
#block all

#Anti-spoofing
#block in quick from urpf-failed

#Traffic passing through
pass in all
#pass out all

#External interfaces
#pass in on rl0 inet proto { tcp, udp } all modulate state
pass out on rl0 proto { tcp, udp, icmp } all modulate state
