Hi, I'm hoping someone can help me with this. I'm just not totally up to speed on the finer details of NAT.

I have built a firewall router using a Soekris Net5501. It has 4 NICs, one not used. They are as follows:

  vr0 = Connected to DSL modem. No IP address. Given as $ExtIF in pf.conf.
  vr1 = Connected to Gb switch. Public IP. Given as $IntIF in pf.conf.
  vr2 = Connected to same Gb switch. Private IP. $LocalIF in pf.conf.

My public net is referred to as $DMZnet and the local net is $IntNet. vr0 and vr1 are bridged together as bridge0.

I am giving the local clients Internet access via NAT:

  nat log on $IntIF from ! $IntIF to any -> $IntIF

The clients use the local IP of the firewall, 192.168.1.254, as their default gateway.

All this works just fine until I try to put another server on the public net. When I point that server's gateway at the public IP of the router ($IntIF), it's blocked by the NAT. I understand that this is NAT doing its job by blocking packets it doesn't know about, but what do I do about a gateway for the DMZ net hosts? I don't want to use the ISP's gateway, I'd rather use the router. How can I make the router accept traffic from DMZ net hosts as a gateway?

I've thought of using the currently-unused fourth NIC to give it a second public IP, but that's wasteful. I'm hoping this can be done purely in pf.

Thanks,
Jeff
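For readers working through the post, here is an added pf.conf fragment (not the poster's file, reconstructed from the description) that lays out the three interfaces and the translation rule exactly as described, so the scope of the `from ! $IntIF` filter can be seen. The addresses for $DMZnet are placeholders from documentation address space; the bridge itself is configured outside pf and is assumed to already exist.

```pf
# Added example reconstructing the layout described in the post.
# Addresses below are constructed placeholders, not the poster's real ones.
# bridge0 (vr0 + vr1) is created with ifconfig/hostname.bridge0, not by pf.
ExtIF   = "vr0"               # to the DSL modem, no address, bridged with vr1
IntIF   = "vr1"               # public address, on the Gb switch
LocalIF = "vr2"               # private address, same switch
DMZnet  = "203.0.113.0/29"    # placeholder public net (RFC 5737 space)
IntNet  = "192.168.1.0/24"    # local net; firewall is 192.168.1.254 as in the post

# The translation rule from the post. An interface name used as an address
# expands to that interface's own address(es), so "from ! $IntIF" matches
# every source except vr1's address: the $IntNet clients, but also any
# $DMZnet host that sends its traffic through vr1 as its gateway.
nat log on $IntIF from ! $IntIF to any -> $IntIF

# A narrower form that translates only the private net and leaves public
# $DMZnet sources untranslated. It scopes the rule to what the post says it
# is for (local clients); whether it alone resolves the symptom described is
# not established by the post.
# nat log on $IntIF from $IntNet to any -> $IntIF
```

To see what a rule actually matches on the running box, `pfctl -nf /etc/pf.conf` checks the file parses, `pfctl -s nat` prints the loaded translation rules with interface macros expanded to addresses, and `pfctl -s state` lists the current state entries, where any DMZ source that is being rewritten to vr1's address will show up as a translated entry.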