Solved Re: [nycbug-talk] pf nat problem
George Georgalis
george
Sun Nov 6 15:48:18 EST 2005
On Sat, Nov 05, 2005 at 08:36:23PM -0500, George Georgalis wrote:
>I've looked in a few docs but I'm not able to get a pf nat gateway
>to work...
# Normalization:
scrub in all fragment reassemble
# Translation:
no rdr on { $lo_if , $int_if } from any to any
nat on $ext_if from $int_net to any -> $ext_addr2
rdr on $ext_if proto tcp from any to $ext_addr2 port $ext_tcp2 -> $int_addr2
rdr on $ext_if proto udp from any to $ext_addr2 port $ext_udp2 -> $int_addr2
rdr on $ext_if proto icmp from any to $ext_addr2 -> $int_addr2
table <spamd> persist
table <spamd-white> persist file "/var/qmail/control/accept"
rdr inet proto tcp from <spamd> to any port smtp -> $lo_addr port 8025
rdr inet proto tcp from !<spamd-white> to any port smtp -> $lo_addr port 8025
# Filtering:
block drop in all
pass in on { $lo_if , $int_if } from any to any keep state
pass out all keep state
pass in on $lo_if inet proto tcp from any to $lo_addr port 8025 keep state
pass in on $ext_if inet proto tcp from any to $lo_addr port 8025 keep state
pass out log inet proto tcp from any to any port smtp label "smtp_out"
pass in on $ext_if inet proto tcp from any to $ext_addr1 port $ext_tcp1 keep state
pass in on $ext_if inet proto udp from any to $ext_addr1 port $ext_udp1 keep state
pass in on $ext_if inet proto icmp from any to $ext_addr1 keep state
pass in on $ext_if inet proto tcp from any to $int_addr2 port $ext_tcp2 keep state
pass in on $ext_if inet proto udp from any to $int_addr2 port $ext_udp2 keep state
pass in on $ext_if inet proto icmp from any to $int_addr2 keep state
#pass in log all
#pass out log all
// George
--
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george at galis.org