Date: Tue, 1 May 2012 09:08:44 -0400 From: Michael MacLeod <mikemacleod@gmail.com> To: Darren Pilgrim <darren.pilgrim@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: Full Cone NAT In PF Message-ID: <CAM-FeoG7hOMd4sfPs-E3mMyeER34gR%2Bor2uj_xY7UeCxx2qhLw@mail.gmail.com> In-Reply-To: <4F9F4949.20706@gmail.com> References: <CAM-FeoFie0aZJXu0%2BiCo=_myjz1QH89G1WSBDmp8PUZ2NYQkHg@mail.gmail.com> <4F9E270F.3070605@gmail.com> <CAM-FeoEFA3-thWx31kS8Y9MBfGHZQrEqbNQV%2BqTt073xO1eLUQ@mail.gmail.com> <4F9F4949.20706@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Alright, here's a copy of my pf.conf: http://pastie.org/private/yt7h3erbowgg4pf5v7fh5a As for patches... unfortunately I'm not too sharp with C. On Mon, Apr 30, 2012 at 10:24 PM, Darren Pilgrim <darren.pilgrim@gmail.com>wrote: > On 2012-04-30 17:44, Michael MacLeod wrote: > >> At the end of the day we could solve it by getting our ISP to route a >> /29 to their house and using binat (I already have a /29), but it would >> be nice if there was the option to use 'nat on $wan_if from <lan_net> -> >> ($wan_if) full-cone' in a ruleset to achieve the correct behaviour. >> > > Patches welcome. :) > > Facetiousness aside, you can make the rules more broad, even create "DMZ > host" rules on a per-remote-IP basis. If you post your pf.conf (a pastie > URI would be best), we can look and see if there's something amiss. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM-FeoG7hOMd4sfPs-E3mMyeER34gR%2Bor2uj_xY7UeCxx2qhLw>