From owner-freebsd-pf@FreeBSD.ORG Thu Oct 23 18:16:05 2008
From: "JC Janos" <jcjanos245@gmail.com>
To: freebsd-pf@freebsd.org
Date: Thu, 23 Oct 2008 10:09:23 -0700
Subject: Pf-Beginner help with using Binat & Nat with several machines

Hello,

I have a small office that I'm expanding my IT for, and the off-the-shelf Netgear router I had just wasn't flexible enough. Especially after it died! :-)

After reading up, and talking to some technical folks, I decided it was time to upgrade to a FreeBSD pf firewall. With a bit of reading & trial and error, I've now managed to get a simple firewall running, including basic NAT stuff. Pretty powerful, it looks like!

But now I'm really stuck at understanding the more-advanced nat & binat for directing traffic to/from specific servers, etc. Here's what I want to do; I'm hoping someone here might be able to help?

I have a "/29 block" of static IP addresses (X.X.X.104 to X.X.X.111) provided by my ISP. The "main" address is X.X.X.110. Right now, all my internet traffic appears as if it's coming to & from that address.

In my office I have three machines that I want to have communicate to & from one of the other IPs, X.X.X.109. Those machines are using the internal NAT addresses of 192.168.1.10, 192.168.1.11 & 192.168.1.12.

To do this, I think I need both nat & binat, and from what I understand, I should add the following to my "pf.conf" file --

    wanIF = "tun0"
    lanIF = "sis0"
    wanIP_1 = "X.X.X.110"
    wanIP_2 = "X.X.X.109"
    server_1 = "192.168.1.10"
    server_2 = "192.168.1.11"
    server_3 = "192.168.1.12"

    binat on $wanIF from $server_1 to any -> $wanIP_2
    binat on $wanIF from $server_2 to any -> $wanIP_2
    binat on $wanIF from $server_3 to any -> $wanIP_2

    nat on $wanIF from $server_1 to any -> $wanIP_2
    nat on $wanIF from $server_2 to any -> $wanIP_2
    nat on $wanIF from $server_3 to any -> $wanIP_2

But the thing that confuses me is that binat is supposedly "1:1 mapping", and I'm worried that using all three binat lines is going to cause some sort of collision or confusion.

My head's spinning from reading up on this. I've managed to get more confused from all the examples, and I'm just not sure how to go about this.

Any helpful suggestions would be appreciated a lot!

Thanks a lot,
JC
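As an added example (not part of the post or any list reply), here is how pf expresses the same goal without the binat collision the post worries about: binat pairs exactly one internal address with one external address in both directions, so three hosts sharing X.X.X.109 are handled with a many-to-one nat rule outbound and explicit per-port rdr rules inbound. The interface, address and host values follow the post; the service ports, the LAN network macro and the filter rules are assumptions.

```pf
# Added example pf.conf fragment, in the nat/rdr syntax FreeBSD's pf used at
# the time (pre-OpenBSD-4.7). Ports, lanNet and the filter rules are assumed.
wanIF   = "tun0"
lanIF   = "sis0"
wanIP_1 = "X.X.X.110"          # main address; everything else leaves from here
wanIP_2 = "X.X.X.109"          # address the three servers should share
servers = "{ 192.168.1.10, 192.168.1.11, 192.168.1.12 }"
lanNet  = "192.168.1.0/24"     # assumed LAN network

# Outbound: many-to-one source translation. Several hosts may share one
# external address with nat; binat cannot, because it is a 1:1 pairing in
# both directions. pf applies the first matching nat rule, so the specific
# server rule must come before the general LAN rule.
nat on $wanIF from $servers to any -> $wanIP_2
nat on $wanIF from $lanNet  to any -> $wanIP_1

# Inbound: with a shared address pf has no 1:1 mapping to follow, so each
# service offered on X.X.X.109 is steered to its host explicitly by port.
# Only services that must be reachable from outside get a rule.
rdr on $wanIF proto tcp from any to $wanIP_2 port 80  -> 192.168.1.10
rdr on $wanIF proto tcp from any to $wanIP_2 port 443 -> 192.168.1.11
rdr on $wanIF proto tcp from any to $wanIP_2 port 25  -> 192.168.1.12

# Translation rules only rewrite addresses; the filter still decides what
# passes. Inbound filter rules see the already-translated (internal) address.
block in on $wanIF
pass in on $wanIF proto tcp from any to 192.168.1.10 port 80  flags S/SA keep state
pass in on $wanIF proto tcp from any to 192.168.1.11 port 443 flags S/SA keep state
pass in on $wanIF proto tcp from any to 192.168.1.12 port 25  flags S/SA keep state
pass out on $wanIF keep state
pass on $lanIF
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and inspect the resulting translation rules with `pfctl -sn`.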