In my small company, we already have a SonicWALL firewall that handles all
the workstation traffic to the Internet.  We have a block of public IP
addresses, but the SonicWALL only allows us to make use of two of them.  I
am trying to set up an OpenBSD machine as a firewall for the rest of the IP
addresses.

I have the machine set up so that it has two NICs.  The external NIC has all
the IP addresses we want to use right now aliased to it.  The only question
now is how to set up the firewall for the 1:1 mapping.  I tried to put
something together but it simply does not work, and I am clueless as to why.  Any
suggestions are very helpful.  Here is what I have tried:

#    $OpenBSD: pf.conf,v 1.37 2008/05/09 06:04:08 reyk Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if="dc0"
int_if="xl0"

tcp_services="{22, 113}"
icmp_types="echoreq"

ccdemo_ext = "xxx.xxx.xxx.214"
ccdemo_int = "172.16.2.10"

###set skip on lo
scrub in all

#nat on $ext_if from !($ext_if) -> ($ext_if:0)
binat on $ext_if from $ccdemo_int to any -> $ccdemo_ext

block in
pass out keep state

antispoof quick for { lo $int_if }

# each rule must be on a single line (or continued with a trailing backslash);
# a rule wrapped onto a second line makes pfctl reject the whole file
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
#pass in quick on $ext_if proto tcp from any to $ccdemo_int port https flags S/SA synproxy state
# inbound binat traffic is translated before filtering, so match the internal address
pass in on $ext_if proto tcp from any to $ccdemo_int
pass in quick on $int_if

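The following Python checker is an added example, not code from the post or from OpenBSD/pf. It encodes two things worth verifying in a ruleset like the one above before blaming the binat rule itself: pfctl(8) rejects the whole file when a rule is wrapped onto a second line without a trailing backslash, and on pf of this generation (before OpenBSD 4.7) inbound binat traffic is translated before filtering, so a pass rule on the external interface has to match the internal address. The sample ruleset is the posted one, reconstructed as a string with the email line wraps kept; the macro names and the xxx.xxx.xxx.214 placeholder come from the post. It is a static, offline check and does not replace `pfctl -nf /etc/pf.conf` on the box.

```python
"""Offline sanity checks for a pre-OpenBSD-4.7 pf.conf that does a 1:1 binat mapping."""
import re

# Constructed sample: the ruleset from the post, email line wraps included.
SAMPLE_PF_CONF = """\
ext_if="dc0"
int_if="xl0"

tcp_services="{22, 113}"
icmp_types="echoreq"

ccdemo_ext = "xxx.xxx.xxx.214"
ccdemo_int = "172.16.2.10"

###set skip on lo
scrub in all

#nat on $ext_if from !($ext_if) -> ($ext_if:0)
binat on $ext_if from $ccdemo_int to any -> $ccdemo_ext

block in
pass out keep state

antispoof quick for { lo $int_if }

pass in quick on $ext_if inet proto tcp from any to ($ext_if) port
$tcp_services flags S/SA keep state
#pass in quick on $ext_if proto tcp from any to $ccdemo_int ports https
flags S/SA synproxy state
pass in on $ext_if proto tcp from any to $ccdemo_int
pass in quick on $int_if
"""

# Keywords that may begin a statement in this pf generation (the subset that matters here).
RULE_KEYWORDS = ("pass", "block", "scrub", "nat", "rdr", "binat", "antispoof",
                 "set", "table", "altq", "queue", "anchor", "load")
MACRO_DEF = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"?([^"]*)"?\s*$')
BINAT = re.compile(r"^binat\s+on\s+(\S+)\s+from\s+(\S+)\s+to\s+\S+\s+->\s+(\S+)")


def is_rule_start(line):
    """True if a non-blank, non-comment line can begin a pf.conf statement."""
    stripped = line.strip()
    return stripped.split()[0] in RULE_KEYWORDS or MACRO_DEF.match(stripped) is not None


def find_orphan_lines(text):
    """1-based numbers of lines that continue a rule without a trailing backslash."""
    orphans, prev_continued = [], False
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            prev_continued = False
            continue
        if not prev_continued and not is_rule_start(line):
            orphans.append(num)
        prev_continued = line.endswith("\\")
    return orphans


def repair_wrapped_rules(text):
    """Join each orphan line onto the preceding line; a commented rule stays commented."""
    orphans = set(find_orphan_lines(text))
    out = []
    for num, raw in enumerate(text.splitlines(), 1):
        if num in orphans and out:
            out[-1] = out[-1].rstrip() + " " + raw.strip()
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


def parse_macros(text):
    """Collect name = "value" macro definitions (comment lines never match)."""
    macros = {}
    for raw in text.splitlines():
        m = MACRO_DEF.match(raw)
        if m:
            macros[m.group(1)] = m.group(2).strip()
    return macros


def expand(line, macros):
    """Substitute $name references; unknown macros are left untouched."""
    return re.sub(r"\$([A-Za-z_]\w*)", lambda m: macros.get(m.group(1), m.group(0)), line)


def active_lines(text, macros):
    """Macro-expanded, non-comment, non-blank lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield expand(line, macros)


def binat_mappings(text, macros):
    """(interface, internal, external) for every active binat rule."""
    return [m.groups() for m in map(BINAT.match, active_lines(text, macros)) if m]


def inbound_pass_for(text, macros, iface, internal):
    """True if an active 'pass in' rule on iface is addressed to the internal host.
    Pre-4.7 pf translates inbound binat traffic before filtering, so the filter
    sees the internal address, not the public one."""
    pat = re.compile(r"^pass\s+in\b.*\bon\s+%s\b.*\bto\s+%s\b"
                     % (re.escape(iface), re.escape(internal)))
    return any(pat.match(line) for line in active_lines(text, macros))


def check(text):
    """Summarise the findings for one ruleset."""
    macros = parse_macros(text)
    report = {"orphan_lines": find_orphan_lines(text),
              "skip_lo": any(l.strip().startswith("set skip on lo") for l in text.splitlines()),
              "binat": []}
    for iface, internal, external in binat_mappings(text, macros):
        report["binat"].append({"if": iface, "int": internal, "ext": external,
                                "inbound_pass_on_internal": inbound_pass_for(text, macros, iface, internal)})
    return report


if __name__ == "__main__":
    rep = check(SAMPLE_PF_CONF)
    print("rule fragments pfctl would reject, at lines:", rep["orphan_lines"])
    print("lo skipped:", rep["skip_lo"], "| binat:", rep["binat"])
    print("after joining wrapped rules:", check(repair_wrapped_rules(SAMPLE_PF_CONF))["orphan_lines"])
```

Run as-is it reports lines 22 and 24 of the sample as fragments (the two wrapped rules), confirms the binat mapping and that the inbound pass rule targets the internal address, and shows the fragment list empty once the wrapped lines are joined back onto their rules.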