Re: replacement pix firewall with pf

2008-05-12 Thread Michael Richardson
On Mon, May 12, 2008 at 2:02 AM, sonjaya <[EMAIL PROTECTED]> wrote: > i want make NAT from ip public to server inside ( with non Ip public > )/dmz without make ip alias. > replacement PIX Fw cisco with PF in openbsd the main point . You probably want a binat entry for each host in the DMZ wit

Re: replacement pix firewall with pf

2008-05-11 Thread sonjaya
i want make NAT from ip public to server inside ( with non Ip public )/dmz without make ip alias. replacement PIX Fw cisco with PF in openbsd the main point . On Mon, May 12, 2008 at 12:35 PM, Almir Karic <[EMAIL PROTECTED]> wrote: > On Mon, May 12, 2008 at 6:40 AM, sonjaya <[EMAIL PROTECTED]

Re: replacement pix firewall with pf

2008-05-11 Thread Almir Karic
On Mon, May 12, 2008 at 6:40 AM, sonjaya <[EMAIL PROTECTED]> wrote: > so i have some question : > - In PIX FW cisco i just make translate ipublic to ip dmz , so how do > it in pf without ip alias in wan interface? AFAIK you can't. why would you want to do that? -- For far too long, power has b

Re: replacement pix firewall with pf

2008-05-11 Thread sonjaya
i try using binat : ### interface ## ## wan interface ( ip public-01 )## ext_if="fxp0" LAN Interface ( 192.168.0.0/24) prv_if="fxp1" DMZ Interface ( 192.168.2.0/24) dmz_if="xl0" ip public & LAN ## ext_ad01="ipublic-01" ext_ad02="ipublic-02" prv_ad="192.168.1

replacement pix firewall with pf

2008-05-09 Thread sonjaya
Dear all i have old pix firewall ( End Of Lifetime ) and now i want replacement with openbsd . bellow my network layout : |---lan[192.168.1.0/24] internetpix-fw |-DMZ[192.168.0.0/24] Bassicly nat from interface ip public to se