From owner-freebsd-pf@FreeBSD.ORG Fri Aug 25 15:11:35 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DFCA616A4DE for ; Fri, 25 Aug 2006 15:11:35 +0000 (UTC) (envelope-from phoemix@harmless.hu) Received: from marvin.harmless.hu (marvin.harmless.hu [195.56.55.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id B70E043D5D for ; Fri, 25 Aug 2006 15:11:32 +0000 (GMT) (envelope-from phoemix@harmless.hu) Received: from localhost (localhost [127.0.0.1]) by marvin (Postfix) with ESMTP id 52002400F160; Fri, 25 Aug 2006 17:11:31 +0200 (CEST) Received: from marvin.harmless.hu ([127.0.0.1]) by localhost (marvin [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28122-08; Fri, 25 Aug 2006 17:11:29 +0200 (CEST) Received: by marvin (Postfix, from userid 1000) id 4903A400F15C; Fri, 25 Aug 2006 17:11:29 +0200 (CEST) Date: Fri, 25 Aug 2006 17:11:29 +0200 To: Bruno Bandeira Message-ID: <20060825151129.GA8815@marvin.harmless.hu> References: <130a355b0608250801n6762c91dk159f4880835f8bdd@mail.gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VS++wcV0S1rZb1Fb" Content-Disposition: inline In-Reply-To: <130a355b0608250801n6762c91dk159f4880835f8bdd@mail.gmail.com> User-Agent: Mutt/1.5.9i From: phoemix@harmless.hu (Gergely CZUCZY) X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at harmless.hu Cc: freebsd-pf@freebsd.org Subject: Re: Newbie X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Aug 2006 15:11:36 -0000 --VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=utf-8 Content-Disposition: inline On Fri, Aug 25, 2006 at 12:01:26PM -0300, Bruno Bandeira wrote: > Hey Guys, > > I am newbie in pf world, so i need to put my network to access internet .... > > My gateway is a freebsd machine, and i have a few questions... PS: I have > read the manual =) also read this: http://www.openbsd.org/faq/pf/ > I need to nat my network.How can i do this? I try this.. > > nat on $ext_if from $rede to any -> ($ext_if) let's parse this: +nat: this means, you will perform a NAT action, Network Address Translation +on $ext_if: on those packets which arrive on your $ext_if to your machine +from $rede: from the source of $rede (it's usually a CIDR) +to any: they go to anywhere, aka 0/0 +-> ($ext_if): after translation they will have the address of the interface $ext_if hint: check the "on" part of the rule > My default policy is: > > block in all > > And the statefull spection > > pass out keep state that looks good. also read the faq, there are examples for this IIRC. Bye, Gergely Czuczy mailto: gergely.czuczy@harmless.hu PGP: http://phoemix.harmless.hu/phoemix.pgp Weenies test. Geniuses solve problems that arise. --VS++wcV0S1rZb1Fb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFE7xMhbBsEN0U7BV0RAubyAKDhSSDRYuP8c7UJUpTqi5ZyI7JmCACg0MOq ZqVHafut/cpfKTNQQK4Uyj4= =Gff1 -----END PGP SIGNATURE----- --VS++wcV0S1rZb1Fb--