From: Darren Pilgrim
Date: Mon, 30 Apr 2012 19:24:09 -0700
To: Michael MacLeod
Cc: freebsd-net@freebsd.org
Subject: Re: Full Cone NAT In PF
Message-ID: <4F9F4949.20706@gmail.com>
References: <4F9E270F.3070605@gmail.com>
List-Id: Networking and TCP/IP with FreeBSD

On 2012-04-30 17:44, Michael MacLeod wrote:
> At the end of the day we could solve it by getting our ISP to route a
> /29 to their house and using binat (I already have a /29), but it would
> be nice if there was the option to use 'nat on $wan_if from ->
> ($wan_if) full-cone' in a ruleset to achieve the correct behaviour.

Patches welcome. :)

Facetiousness aside, you can make the rules more broad, even create "DMZ host" rules on a per-remote-IP basis. If you post your pf.conf (a pastie URI would be best), we can look and see if there's something amiss.
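The kind of ruleset the reply alludes to, sketched out as an added illustration (this is not Darren's or Michael's pf.conf, and the interface names, addresses and peer list are made-up placeholders): a broad outbound `nat` rule that keeps the original source port, plus a "DMZ host" `rdr` that forwards inbound traffic to one internal host only when it comes from specific remote addresses, so the exposure is scoped per remote IP rather than opening the host to the whole Internet. Syntax is the FreeBSD `nat`/`rdr` style of pf that was current in 2012.

```pf
# Added example, not from the thread. Interfaces and addresses are placeholders.
ext_if  = "em0"
int_net = "192.168.1.0/24"
dmz_host = "192.168.1.20"

# Remote peers allowed to reach the DMZ host (constructed sample addresses)
table <peers> { 203.0.113.10, 198.51.100.0/24 }

# Broad outbound NAT for the LAN. static-port keeps the original source port,
# which is what many NAT-traversal schemes expect. Note that pf still creates
# a state per destination, so this is NOT a true full-cone mapping; it only
# avoids the port rewrite.
nat on $ext_if inet from $int_net to any -> ($ext_if) static-port

# Per-remote-IP "DMZ host": only traffic from <peers> is redirected inside.
# Everything else hitting the external address is left for the block rule.
rdr on $ext_if inet proto { tcp, udp } from <peers> to ($ext_if) -> $dmz_host

# Filter rules see the already-translated destination, so pass by the
# internal address and keep the source restriction here too.
block in on $ext_if
pass in on $ext_if inet proto { tcp, udp } from <peers> to $dmz_host keep state
pass out on $ext_if keep state
```

Translation rules (`nat`, `rdr`) must precede filter rules in this pf dialect, and `<peers>` can be managed at runtime with `pfctl -t peers -T add|delete`, which is the practical way to add or drop a remote endpoint without reloading the whole ruleset. Check the resulting mappings with `pfctl -s state` after a test connection.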