2009/2/23 johan beisser <[email protected]>:
> I make no claims this works or will work for you. It's a simple rewrite of
> what you claimed to want (NAT for outbound traffic, for example).
>
> ext_if="sk0"
> int_if="sk1"
> udp_services="{ domain, ntp}"
>
> set skip on lo
> set block-policy return
> scrub in
>
> nat on $ext_if from $int_if:network to any ->($ext_if)
> block log
>
> pass out quick from $int_if to $int_if:network
> pass out quick from $ext_if to any
>
> pass in quick on $ext_if proto {tcp, udp} from any to ($ext_if) port $udp_services
> pass in quick on $int_if from $int_if:network to any

Yep, that gets everything working.

I'd like to understand why, though. From what I've read in my books
and in the replies what Jason suggested should have worked. Why is all
this extra stuff needed?

Specifically, why do I need the next to last line? Would that not be
for offering services to the Internet? (I'd like to enjoy my working
box for a few hours before I start experimenting again so I haven't
tried it without this line.) :-)

So, yes, it's working but I don't like not understanding why. I'll
need to do a bit more research, I guess.

Cheers,
Hilco
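Added example, not part of the thread and not johan's or Hilco's config: the same outbound-NAT ruleset with the inbound services rule left out. It reuses the interface names, macros and `nat on` syntax (pre-OpenBSD 4.7 pf) from the quoted config and assumes pf's default of keeping state on `pass` rules, which is what lets DNS and NTP replies back in.

```pf
# Added example (editor's, not from the thread). Interface names and the
# service list come from the quoted config; everything else is assumed.
ext_if="sk0"
int_if="sk1"

set skip on lo
set block-policy return
scrub in

# Translate LAN traffic as it leaves on the external interface.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny, logged: anything not matched below shows up in pflog.
block log

# The gateway itself may talk to the LAN.
pass out quick from $int_if to $int_if:network

# LAN hosts may initiate connections outward. The state created by these
# two rules matches the reply packets (DNS and NTP answers included), so
# no "pass in on $ext_if" rule is needed for outbound-only use.
pass in quick on $int_if from $int_if:network to any
pass out quick on $ext_if from ($ext_if) to any

# Deliberately absent: "pass in quick on $ext_if ... port { domain, ntp }".
# That rule accepts new connections from the Internet to DNS/NTP services
# on the gateway; add it only if the box is meant to serve those ports.
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check without activating, and watch `tcpdump -n -e -ttt -i pflog0` for what the `block log` rule drops while testing.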
