From: "Zeno Lee"
Date: Tue, 14 Dec 2004 16:34:22 -0500
Subject: NAT works but port forwarding does not
List-Id: Technical discussion and general questions about packet filter (pf)

I am just starting off with PF. I had it compiled into the kernel in 5.3 stable. I have not set up any rules yet. I'm just trying to set up NAT and forwarding.

My network setup:

    Internet <----> em0
                     |
                  FreeBSD
                     |
                    em1 <-----> LAN

My pf.conf file only has:

    ext_if="em0"
    int_if="em1"
    webserver="192.168.1.54"
    nat on $ext_if from $int_if:network to any -> ($ext_if)
    rdr on $ext_if from any to any port 80 -> $webserver

NAT works, however, I cannot get port forwarding to work. I am testing it via a remote computer on the internet whose packets only come through em0. Am I missing anything here?