I have the following problem:
I’m using OpenBSD 3.2 stable as a firewall/NAT and I’m forced (provider) to block outgoing ports and only allow some.
I’m also forced to allow only some machines behind the NAT to access the internet.
So I have default deny policy on dc1 and passing out only allowed ports. I cannot set the port blocking policy on the dc0 interface, because of ftp-proxy.
On dc0 I have default deny policy too, allowing only some machines to go through. And I cannot block them individually on dc1 because of NAT.
So how can I set different privileges to the machines after NAT? (Exceptions from the port block above on dc1)
SP SCCh FChPT STU