On 12/05/2010, at 9:28 PM, Rod Whitworth wrote:
>
> Particularly seeing I referenced both of those in my original post as
> not being helpful and I've been trying to get somebody - anybody - to
> write a minimal NAT ruleset and show me.

I use the following on my router at home:

# Macros are not part of the posted ruleset; the values below are placeholders
# (assumed) so that the file loads with "pfctl -nf". Substitute your own.
if_external = "em0"
if_wired = "em1"
if_wireless = "athn0"
host_jp = "192.0.2.10"       # remote host allowed to deliver mail
host_apathy = "10.0.0.5"     # internal server that receives the redirects
# "internal" below is taken to be an interface group that $if_wired and
# $if_wireless belong to (assumed; not shown in the post).

# Default policy: pass everything, then block (and log) on the external
# interface. Last matching rule wins, so the rules below punch the holes.
pass
block log on $if_external

# ftp-proxy(8) installs its dynamic rules in this anchor.
anchor "ftp-proxy/*"

# Inbound redirects from the external address to the internal server.
# ($if_external) is the interface's current address, re-read on change.
# Note that both https and ssh land on sshd on $host_apathy.
pass in on $if_external proto tcp from $host_jp to ($if_external) port smtp rdr-to $host_apathy port smtp
pass in on $if_external proto tcp to ($if_external) port { https ssh } rdr-to $host_apathy port ssh
pass in on $if_external proto tcp to ($if_external) port imaps rdr-to $host_apathy port imaps

# Services offered by the router itself. ($if_external:0) is the primary
# address only, no aliases. DNS is capped at 128 concurrent states.
pass in on $if_external inet proto icmp to ($if_external:0) icmp-type echoreq
pass in on $if_external inet proto { tcp udp } to ($if_external:0) port domain keep state (max 128)

# IPsec terminating on the router: IKE on udp/500 and ESP.
pass in on $if_external inet proto udp from port isakmp to ($if_external:0) port isakmp
pass in on $if_external inet proto esp to ($if_external:0)

# Outbound: the router's own traffic, NAT for the two internal networks,
# MSS clamping for web traffic (tunnel/PPPoE MTU), and everything else.
pass out on $if_external from ($if_external:0)
match out on $if_external inet from { $if_wired:network $if_wireless:network } nat-to ($if_external:0)
pass out quick on $if_external inet proto tcp to port { 80 443 } scrub (max-mss 1280)
pass out on $if_external

# Internal side: pass everything, and divert active FTP to ftp-proxy(8)
# listening on its default 127.0.0.1:8021.
pass on internal
pass in quick on internal proto tcp to port ftp rdr-to 127.0.0.1 port 8021
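Since the original question asked for a minimal NAT ruleset, here is the ruleset above stripped down to just the NAT part. This is an added example, not the poster's configuration: the interface names em0 (external) and em1 (internal) are assumed, and it uses the OpenBSD 4.7+ match/nat-to syntax that the posted rules also rely on.

```pf
# Added example (not from the post): the smallest pf.conf that NATs one
# internal network. Interface names are assumed placeholders.
ext_if = "em0"
int_if = "em1"

set skip on lo

# Translate outbound LAN traffic to the external interface's current
# address; the parentheses make pf re-read the address when DHCP/PPPoE
# changes it, instead of freezing it at load time.
match out on $ext_if inet from $int_if:network nat-to ($ext_if)

# Stateful default deny from the outside; everything else is allowed.
# The match rule only tags packets, so a pass rule is still required for
# the translated traffic to leave.
block in log on $ext_if
pass out on $ext_if
pass on $int_if
```

Check it with `pfctl -nf /etc/pf.conf` before loading with `pfctl -f /etc/pf.conf`; `pfctl -s states` then shows the translated source address on outbound states. The kernel must also be forwarding (`sysctl net.inet.ip.forwarding=1`), which pf does not turn on for you.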
