Date: Tue, 14 Sep 2004 07:49:20 -0700 (PDT)
From: Mark Atkinson
To: pf4freebsd@freelists.org
Cc: phusion
Subject: [pf4freebsd] Re: Convert IPFW Ruleset to PF

On Mon, 13 Sep 2004, phusion wrote:

> How can I convert this simple ipfw ruleset to pf?
>
> fwcmd="/sbin/ipfw"
> ${fwcmd} -f flush
> ${fwcmd} add divert natd all from any to any via xl0
> ${fwcmd} add pass all from any to any
>
> Let me know. Thanks.

something like this in your /etc/pf.conf

scrub in all random-id no-df fragment reassemble
nat on xl0 from :network to any -> 192.168.101.245
pass in all
pass out all

replace with your internal network nic device.

-- 
Mark Atkinson
mark-pf at filament dot org
(!wired)?(coffee++):(wired);
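
Added example, not part of the original message: the ipfw ruleset from the question mapped line by line onto a pf.conf, followed by a stateful variant that goes beyond the thread by refusing unsolicited inbound traffic on the external interface. xl0 and 192.168.101.245 come from the thread; the internal interface name does not appear in the message, so xl1 is a hypothetical placeholder.

```conf
# /etc/pf.conf (added example; xl1 is a hypothetical internal NIC name)
# pf requires this section order: macros, scrub, translation, filter.

ext_if   = "xl0"               # interface natd was diverting on
int_if   = "xl1"               # assumption: the LAN-facing NIC
ext_addr = "192.168.101.245"   # translation address from the thread

# Normalization. The ipfw ruleset had no counterpart to this.
scrub in all random-id no-df fragment reassemble

# ipfw: add divert natd all from any to any via xl0
# pf translates in the kernel, so natd is no longer needed.
nat on $ext_if from $int_if:network to any -> $ext_addr

# --- Variant A: direct equivalent of the ipfw ruleset (fully open) ---
# ipfw: add pass all from any to any
# pass in all
# pass out all

# --- Variant B: same NAT gateway, but stateful and closed inbound ---
# pf uses the LAST matching rule (ipfw uses the first), so the general
# block goes first and the more specific pass rules follow it.
block in on $ext_if all

# LAN clients may open connections through the gateway.
pass in on $int_if from $int_if:network to any keep state

# Outbound traffic on the external side creates state; replies match
# that state and are let back in despite the block rule above.
pass out on $ext_if all keep state
```

Check the syntax without loading using pfctl -nf /etc/pf.conf, then load with pfctl -f /etc/pf.conf and inspect the result with pfctl -sn and pfctl -sr.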