Date: Mon, 30 Apr 2012 19:24:09 -0700 From: Darren Pilgrim <darren.pilgrim@gmail.com> To: Michael MacLeod <mikemacleod@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: Full Cone NAT In PF Message-ID: <4F9F4949.20706@gmail.com> In-Reply-To: <CAM-FeoEFA3-thWx31kS8Y9MBfGHZQrEqbNQV%2BqTt073xO1eLUQ@mail.gmail.com> References: <CAM-FeoFie0aZJXu0%2BiCo=_myjz1QH89G1WSBDmp8PUZ2NYQkHg@mail.gmail.com> <4F9E270F.3070605@gmail.com> <CAM-FeoEFA3-thWx31kS8Y9MBfGHZQrEqbNQV%2BqTt073xO1eLUQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2012-04-30 17:44, Michael MacLeod wrote: > At the end of the day we could solve it by getting our ISP to route a > /29 to their house and using binat (I already have a /29), but it would > be nice if there was the option to use 'nat on $wan_if from <lan_net> -> > ($wan_if) full-cone' in a ruleset to achieve the correct behaviour. Patches welcome. :) Facetiousness aside, you can make the rules more broad, even create "DMZ host" rules on a per-remote-IP basis. If you post your pf.conf (a pastie URI would be best), we can look and see if there's something amiss.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F9F4949.20706>