
Help with NAT rules



Hi all,
New to OpenBSD and PF.

Trying to set up NAT for a 10.x.x.x/24, public 1.2.3.4.
Below is my rule set for NAT only.
I am enabling PF for NAT only: pfctl -eN
However it is not working;
I get no results with pfctl -s state.
pfctl -s nat does show the rule set correctly.
tcpdump on xl1 shows that the interface is receiving traffic. What am I missing?

Thanks for any insight




The ruleset is below:


# $OpenBSD: pf.conf,v 1.27 2004/03/02 20:13:55 cedric Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.

#ext_if="ext0"
#int_if="int0"

#table <spamd> persist
#table <spamd-white> persist

#scrub in

#########################################################################################
#### NAT configuration LB 10/20/04
#### Only doing NAT no rdr or binat
#### Set the Macro definitions

## ext_if : Interface on which traffic is coming to NAT
## ext_ad : Public IPv4 address assigned to the firewall's external interface.
## priv_ad : Range of private IPv4 addresses assigned to hosts on the [email protected] network
## nat_proto: NATed protocols

ext_if = "xl1"
int_if = "xl0"
ext_ad = "158.x.x.0/x"
priv_ad = "10.0.0.0/24"
nat_proto = "{tcp, udp, icmp}"

#### Set the Rules for NAT - what we are NATing basically

nat pass on $ext_if inet proto $nat_proto from $priv_ad to any -> $ext_ad



#### end nat rules set and configuration section of Pf config.
########################################################################################
########################################################################################
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#rdr pass on $ext_if proto tcp from <spamd> to port smtp \
# -> 127.0.0.1 port spamd
#rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
# -> 127.0.0.1 port spamd

#block in
#pass out keep state

#pass quick on { lo $int_if }
#antispoof quick for { lo $int_if }
#pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
#pass in on $ext_if proto tcp to ($ext_if) port > 49151 user proxy keep state
#pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state


___________________


A. Lester Burke
Network Analyst
Arlington Public Schools, VA
V 703-228-6057
E [email protected]

"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
Ben Franklin
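For comparison, an added minimal NAT ruleset in the style of the pf FAQ; it is not the poster's file and does not claim to diagnose the problem above. It assumes xl1 is the external interface with its own assigned address, xl0 is internal on 10.0.0.0/24, net.inet.ip.forwarding=1 is set in /etc/sysctl.conf so the box actually routes, and the file is loaded whole with pfctl -f /etc/pf.conf rather than with -N.

```conf
# Added example pf.conf (not the original poster's ruleset).
# Assumptions: xl1 external, xl0 internal, net.inet.ip.forwarding=1
# enabled in /etc/sysctl.conf, file loaded with "pfctl -f /etc/pf.conf".
ext_if = "xl1"
int_if = "xl0"
priv_net = "10.0.0.0/24"

# Translate outbound traffic from the private network to whatever address
# is currently assigned to the external interface. The rule stays on one
# line; a translation address wrapped onto its own line is a syntax error.
nat on $ext_if from $priv_net to any -> ($ext_if)

# pfctl -N loads only the NAT rules, so pf would have no filter rules and
# pass everything by default. A default-deny filter keeps the NAT box from
# acting as an open router while still creating the states that
# "pfctl -s state" lists.
pass quick on lo all
block in all
pass in on $int_if from $priv_net to any keep state
pass out keep state
```

Check the result with pfctl -s nat and pfctl -s rules; states appear in pfctl -s state only once a packet from the private network actually matches the pass and nat rules.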