On 12/05/2010, at 9:28 PM, Rod Whitworth wrote:

> Particularly seeing I referenced both of those in my original post as
> not being helpful and I've been trying to get somebody - anybody - to
> write a minimal NAT ruleset and show me.
I use the following on my router at home:

# default pass, then block (and log) on the external interface; later rules override
pass
block log on $if_external

anchor "ftp-proxy/*"

# inbound redirects (OpenBSD 4.7+ syntax: rdr-to on a pass rule)
pass in on $if_external proto tcp from $host_jp to ($if_external) port smtp rdr-to $host_apathy port smtp
pass in on $if_external proto tcp to ($if_external) port { https ssh } rdr-to $host_apathy port ssh
pass in on $if_external proto tcp to ($if_external) port imaps rdr-to $host_apathy port imaps

# services offered by the router itself
pass in on $if_external inet proto icmp to ($if_external:0) icmp-type echoreq
pass in on $if_external inet proto { tcp udp } to ($if_external:0) port domain keep state (max 128)
pass in on $if_external inet proto udp from port isakmp to ($if_external:0) port isakmp
pass in on $if_external inet proto esp to ($if_external:0)

pass out on $if_external from ($if_external:0)

# outbound NAT for the two internal networks
match out on $if_external inet from { $if_wired:network $if_wireless:network } nat-to ($if_external:0)
pass out quick on $if_external inet proto tcp to port { 80 443 } scrub (max-mss 1280)
pass out on $if_external

# internal side, with active FTP handed to ftp-proxy
pass on internal
pass in quick on internal proto tcp to port ftp rdr-to 127.0.0.1 port 8021
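Stripped down to just the NAT core, as an added example (not the poster's ruleset or any project's own config): the interface names em0/em1, the 192.168.1.0/24 LAN and the sysctl line are assumptions.

```pf
# Added example: a minimal outbound-NAT pf.conf in the OpenBSD 4.7+ syntax.
# Assumed names: em0 is the external interface, em1 the LAN interface,
# 192.168.1.0/24 the LAN. Forwarding between interfaces also needs
# net.inet.ip.forwarding=1 in /etc/sysctl.conf; pf alone does not route.
ext_if  = "em0"
int_if  = "em1"
lan_net = "192.168.1.0/24"

set skip on lo0

# Default deny, logged, so anything not explicitly passed shows up on pflog0.
block log all

# Rewrite the source address of LAN traffic leaving the external interface
# to that interface's primary address. "match" only attaches the
# translation; the packet still has to be passed by a later rule.
match out on $ext_if inet from $lan_net nat-to ($ext_if:0)

# Let the LAN in on the inside and out on the outside; pass rules keep
# state by default, so replies come back through the same state entry.
pass in  on $int_if inet from $lan_net
pass out on $ext_if inet

# Syntax check without loading:  pfctl -nf /etc/pf.conf
# Load:                          pfctl -f /etc/pf.conf
# Watch the translated states:   pfctl -ss
```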