From: Michael MacLeod
Date: Tue, 1 May 2012 09:08:44 -0400
To: Darren Pilgrim
Cc: freebsd-net@freebsd.org
Subject: Re: Full Cone NAT In PF
List-Id: Networking and TCP/IP with FreeBSD

Alright, here's a copy of my pf.conf:
http://pastie.org/private/yt7h3erbowgg4pf5v7fh5a

As for patches... unfortunately I'm not too sharp with C.

On Mon, Apr 30, 2012 at 10:24 PM, Darren Pilgrim wrote:

> On 2012-04-30 17:44, Michael MacLeod wrote:
>
>> At the end of the day we could solve it by getting our ISP to route a
>> /29 to their house and using binat (I already have a /29), but it would
>> be nice if there was the option to use 'nat on $wan_if from ->
>> ($wan_if) full-cone' in a ruleset to achieve the correct behaviour.
>>
>
> Patches welcome. :)
>
> Facetiousness aside, you can make the rules more broad, even create "DMZ
> host" rules on a per-remote-IP basis. If you post your pf.conf (a pastie
> URI would be best), we can look and see if there's something amiss.
>