
Re: PF without NAT : filtering, but leaving IP address the same



On Fri, 2004-09-10 at 00:02, Miles Keaton wrote:
> All the PF examples and even Jacek's book seem to assume you want to
> do NAT : the small-office setup : the one public IP and many
> 192.168.0.__ IPs inside.
> 
> But how would PF be used as a router with many incoming IP addresses
> and many receiving IP addresses?
> 
> Say I have incoming:  from 123.45.67.80 to 123.45.67.89 on a T1 connection.
> 
> One OpenBSD/PF machine is receiving that input on a single NIC card,
> and wants to send out some traffic on another NIC card connected to a
> switch like this:
> 
> incoming 123.45.67.81 allow port 22,80,443 to go to internal 123.45.67.81
> incoming 123.45.67.82 allow port 22 to go to internal 123.45.67.82
> incoming 123.45.67.83 allow port 22,25,110 to go to internal 123.45.67.83
> 
> Can PF do this kind of filter-and-route without doing NAT?
> If so, any URLs of examples?  I can only find examples with NAT.
> 
> Thanks!

i'm probably totally missing the point of your post, but here goes:
read all that same info and ignore the nat, rdr, and binat statements.
pf's filtering does not rely on nat in any way, shape or form.
-j
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
We don't smoke and we don't chew, and we don't go with girls that do. --
Walter Summers
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
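
An added example, not part of the original thread: a pf.conf sketch of the filter-and-route policy from the question, with no nat, rdr or binat rules. The interface names are assumptions, the syntax is that of current OpenBSD PF (stateful by default), and it assumes the machine already forwards packets for these addresses (net.inet.ip.forwarding=1 and working routing).

```pf
# pf.conf: filtering router without address translation (constructed example)

# Macros. Interface names are assumptions; addresses are from the question.
ext_if  = "em0"                 # NIC facing the T1 (assumed name)
int_if  = "em1"                 # NIC facing the switch (assumed name)
host81  = "123.45.67.81"
host82  = "123.45.67.82"
host83  = "123.45.67.83"
servers = "{ 123.45.67.81, 123.45.67.82, 123.45.67.83 }"

# Options
set skip on lo0                 # do not filter loopback

# No nat-to, rdr-to or binat-to anywhere in this file: packets keep
# their original source and destination addresses end to end.

# Default deny, with logging to pflog0 so dropped traffic can be reviewed.
block log all

# A forwarded packet is evaluated twice: inbound on $ext_if and outbound
# on $int_if. Under a default-deny policy both directions need a pass rule.

# 123.45.67.81: ssh, http, https
pass in  on $ext_if inet proto tcp from any to $host81 port { 22, 80, 443 }
pass out on $int_if inet proto tcp from any to $host81 port { 22, 80, 443 }

# 123.45.67.82: ssh only
pass in  on $ext_if inet proto tcp from any to $host82 port 22
pass out on $int_if inet proto tcp from any to $host82 port 22

# 123.45.67.83: ssh, smtp, pop3
pass in  on $ext_if inet proto tcp from any to $host83 port { 22, 25, 110 }
pass out on $int_if inet proto tcp from any to $host83 port { 22, 25, 110 }

# Assumed policy, not stated in the question: the servers may open
# connections to the outside. Remove these two rules to forbid that.
pass in  on $int_if inet from $servers to any
pass out on $ext_if inet from $servers to any
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `tcpdump -n -e -ttt -i pflog0` shows what the `block log` rule is dropping.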