I tried using binat:

### interface ######
## wan interface ( ip public-01 ) ##
ext_if="fxp0"
#### LAN Interface ( 192.168.0.0/24) ####
prv_if="fxp1"
#### DMZ Interface ( 192.168.2.0/24) ####
dmz_if="xl0"
#### ip public & LAN ######
ext_ad01="ipublic-01"
ext_ad02="ipublic-02"
prv_ad="192.168.1.0/24"
dmz_ad="192.168.2.0/24"
##### DMZ server ip ########
dmz_www_ad="192.168.0.2/32"
dmz_mail_ad="192.168.0.3/32"
#############################
##### NAT section ############
nat log on $ext_if from $prv_ad to any -> $ext_if
nat log on $ext_if from $dmz_ad to any -> $ext_if
binat on $ext_if from $dmz_www_ad to any -> $ext_ad01
binat on $ext_if from $dmz_mail_ad to any -> $ext_ad02
---cut--

I made some tests:
1. NAT from ipublic01 to 192.168.0.2/32: success.
2. NAT from ipublic02 to 192.168.0.3/32: not successful, not even a response?

So I made a change, adding an IP alias (ipublic02) on interface fxp0, and tested again:
1. NAT from ipublic01 to 192.168.0.2/32: success.
2. NAT from ipublic02 to 192.168.0.3/32: success.

So I have a question:
- On the Cisco PIX firewall I just translate the public IP to the DMZ IP, so how do I do it in pf without an IP alias on the WAN interface?

Thanks ...

On Fri, May 9, 2008 at 5:27 PM, Mikel Lindsaar <[EMAIL PROTECTED]> wrote:
> On Fri, May 9, 2008 at 6:46 PM, sonjaya <[EMAIL PROTECTED]> wrote:
>> I have an old PIX firewall (end of lifetime) and now I want to replace it
>> with OpenBSD.
>> Below is my network layout:
>>                  |-----------lan[192.168.1.0/24]
>> internet--------pix-fw
>>                  |-------------DMZ[192.168.0.0/24]
>>
>> Basically NAT from the interface public IP to the server (DMZ zone).
>>
>> What should I use: nat, binat or rdr?
>> I have 5 public IPs for 5 servers with 1 OpenBSD server. Any example and
>> good starting point?
>
> The FAQ?
>
> http://www.openbsd.org/faq/pf/index.html
>
> Mikel
>

--
sonjaya
http://sicute.blogspot.com