In my small company, we already have a SonicWALL firewall that handles all the workstation traffic to the Internet. We have a block of public IP addresses, but the SonicWALL only allows us to make use of two of them. I am trying to set up an OpenBSD machine as a firewall for the rest of the IP addresses.
I have the machine set up so that it has two NICs. The external NIC has all the IP addresses we want to use right now aliased to it. The only question now is how to set up the firewall for the 1:1 mapping. I tried to put something together but it simply does not work, and I am clueless as to why. Any suggestions are very helpful. Here is what I have tried:

    # $OpenBSD: pf.conf,v 1.37 2008/05/09 06:04:08 reyk Exp $
    #
    # See pf.conf(5) for syntax and examples.
    # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
    # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

    ext_if="dc0"
    int_if="xl0"
    tcp_services="{22, 113}"
    icmp_types="echoreq"

    # public address of the demo host (redacted) and its internal address
    ccdemo_ext = "xxx.xxx.xxx.214"
    ccdemo_int = "172.16.2.10"

    ###set skip on lo

    scrub in all

    # translation rules (nat/binat) go before the filter rules
    #nat on $ext_if from !($ext_if) -> ($ext_if:0)
    binat on $ext_if from $ccdemo_int to any -> $ccdemo_ext

    # default deny inbound, allow outbound with state
    block in
    pass out keep state

    antispoof quick for { lo $int_if }

    # services offered by the firewall itself
    pass in quick on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state

    # binat translates the destination before filtering, so filter on the internal address
    #pass in quick on $ext_if proto tcp from any to $ccdemo_int port https flags S/SA synproxy state
    pass in on $ext_if proto tcp from any to $ccdemo_int

    pass in quick on $int_if
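Since the goal is eventually to map a whole block of public addresses 1:1 onto internal hosts, here is a small generator for that multi-host version of the configuration. It is an added example, not the poster's config and not part of OpenBSD: the interface names, the 203.0.113.0/24 addresses and the port lists are constructed placeholders. It emits the same pre-4.7 pf.conf syntax as the post (binat before block/pass), checks for the mistakes that silently break a 1:1 mapping (an internal address mapped twice, a non-private internal address, a public address reused), and opens only the listed TCP ports per host instead of passing all TCP to the internal address.

```python
"""Generate an OpenBSD pf.conf with several 1:1 binat mappings (pre-4.7 syntax).
Added example for the forum question; interfaces and addresses are constructed."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: public address -> (internal host, TCP ports exposed on it)
SAMPLE_MAPPINGS: Dict[str, Tuple[str, List[int]]] = {
    "203.0.113.214": ("172.16.2.10", [80, 443]),
    "203.0.113.215": ("172.16.2.11", [22]),
}


def validate_mappings(mappings: Dict[str, Tuple[str, List[int]]]) -> bool:
    """Reject inputs that produce a broken or over-exposed 1:1 NAT."""
    seen_internal = set()
    for ext, (internal, ports) in mappings.items():
        ext_ip = ipaddress.ip_address(ext)
        int_ip = ipaddress.ip_address(internal)
        if not int_ip.is_private:
            raise ValueError(f"{internal} is not a private (RFC 1918) address")
        if ext_ip == int_ip or ext_ip.is_loopback or ext_ip.is_multicast:
            raise ValueError(f"{ext} cannot be used as a public 1:1 address")
        if internal in seen_internal:
            raise ValueError(f"{internal} is mapped to more than one public address")
        seen_internal.add(internal)
        if not ports:
            raise ValueError(f"no ports listed for {internal}; refusing to open all TCP")
        for port in ports:
            if not 1 <= port <= 65535:
                raise ValueError(f"bad port {port} for {internal}")
    return True


def render_pf_conf(ext_if: str, int_if: str,
                   mappings: Dict[str, Tuple[str, List[int]]]) -> str:
    """Return a pf.conf string: macros, scrub, binat rules, then the filter."""
    validate_mappings(mappings)
    lines = [
        f'ext_if = "{ext_if}"',
        f'int_if = "{int_if}"',
        "",
        "scrub in all",
        "",
        "# Translation rules must come before filter rules in this pf generation.",
    ]
    for ext, (internal, _ports) in mappings.items():
        lines.append(f"binat on $ext_if from {internal} to any -> {ext}")
    lines += [
        "",
        "block in",
        "pass out keep state",
        "antispoof quick for { lo $int_if }",
        "",
        "# binat rewrites the destination before filtering: match the internal address,",
        "# and open only the ports each host actually serves.",
    ]
    for _ext, (internal, ports) in mappings.items():
        portlist = ", ".join(str(p) for p in ports)
        lines.append(f"pass in on $ext_if inet proto tcp from any to {internal} "
                     f"port {{ {portlist} }} flags S/SA keep state")
    lines += ["", "pass in quick on $int_if"]
    return "\n".join(lines) + "\n"


def translation_before_filter(conf: str) -> bool:
    """Sanity check on the output: every binat line precedes the first filter rule."""
    rows = conf.splitlines()
    binat_idx = [i for i, l in enumerate(rows) if l.startswith("binat ")]
    filter_idx = [i for i, l in enumerate(rows)
                  if l.startswith(("block", "pass", "antispoof"))]
    return bool(binat_idx) and max(binat_idx) < min(filter_idx)


if __name__ == "__main__":
    print(render_pf_conf("dc0", "xl0", SAMPLE_MAPPINGS))
```

Write the output to a file and check it with `pfctl -nf /path/to/file` on the OpenBSD box before loading it; the generator only guarantees the ordering and address sanity, not that the interface names exist.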