Hello all on the pf list,

For a really stupid German ISP I need to set up a binat with exceptions. Here is my current setup:


(Internet) -- (cable modem) -- [dhcp] (openbsd-router) [10.10.0.1] -- [dhcp, 10.10.0.2] -- (Fritz!Box)

and

(openbsd-router) [172.16.1.1] -- [172.16.1.20] (Linux-Server)

What I want to do is redirect everything on every port from the external IP of the openbsd-router to the Fritz!Box on 10.10.0.1, the "Fritz!Box quarantine network". Then I want to redirect a handful of ports that are unused by the Fritz!Box to internal machines on my private net. And also I want to do NAT for the internal private net 172.16.1.0/24. The usual stuff.

My solution would be to rdr pass all ports between the handful I want to forward to my private net to the Fritz!Box. That would probably work as expected, but I thought that binat could be a useful solution for not having 65.000 separate rules (which would suck on an Alix board).

How would it work? I guess with the no keyword, but a small working example (copy&paste your working pf-rules without private data) would help a lot. I already found this thread from September 2008:

http://groups.google.com/group/bit.listserv.openbsd-pf/browse_thread/thread/7b37f2c9d5574cf1/c9586d4374af600a?lnk=gst&q=binat+exception#c9586d4374af600a

Would Martin's example work for my case if ext_ip1 and ext_ip2 were the same?

Thanks in advance for any suggestions.


Falk
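A worked rule set for the layout above, added here as an example that is not from the original thread or any reply to it. It uses the classic pre-OpenBSD-4.7 nat/rdr/binat syntax that was current when this was posted; the interface names, the forwarded port list and the use of `($ext_if)` for the DHCP-assigned address are assumptions.

```pf
# Constructed example for the topology in the post (not from the thread).
ext_if  = "vr0"            # assumed: DHCP-facing interface to the cable modem
fbox_if = "vr1"            # assumed: interface towards the Fritz!Box
int_if  = "vr2"            # assumed: interface towards 172.16.1.0/24
fbox     = "10.10.0.2"
linux    = "172.16.1.20"
priv_net = "172.16.1.0/24"
fwd_tcp  = "{ 22, 443 }"   # assumed: the handful of ports kept away from the Fritz!Box

# Outbound NAT for the private net. For outgoing packets pf consults binat
# rules before nat rules, so the Fritz!Box is never caught by this rule.
nat on $ext_if from $priv_net to any -> ($ext_if)

# Port forwards that must win over the binat. For incoming packets pf
# consults rdr rules before binat rules (check pf.conf(5) of your release),
# so a matching rdr takes the packet and the binat below never sees it.
# No "no" exception rule is needed for these ports.
rdr on $ext_if proto tcp from any to ($ext_if) port $fwd_tcp -> $linux

# Everything else arriving on the external address goes to the Fritz!Box,
# and its outgoing traffic is mapped back to the external address (1:1).
# ($ext_if) is only valid here while the interface holds a single address.
binat on $ext_if from $fbox to any -> ($ext_if)

# Filter rules see the translated addresses and still have to allow the
# traffic. keep state covers the reverse direction of each translation.
block in on $ext_if
pass in on $ext_if proto tcp from any to $linux port $fwd_tcp keep state
pass in on $ext_if from any to $fbox keep state
pass out on $ext_if keep state
pass quick on { $fbox_if, $int_if } keep state
```

Load with `pfctl -nf /etc/pf.conf` first to catch syntax errors, then inspect the expanded translation rules with `pfctl -s nat` to confirm the rdr lines precede the binat.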