Date: Tue, 14 Sep 2004 07:54:32 -0700 (PDT)
From: Mark Atkinson
To: pf4freebsd@freelists.org
Cc: phusion
Subject: [pf4freebsd] Re: Convert IPFW Ruleset to PF

On Tue, 14 Sep 2004, Mark Atkinson wrote:

> On Mon, 13 Sep 2004, phusion wrote:
> > How can I convert this simple ipfw ruleset to pf?
> >
> > fwcmd="/sbin/ipfw"
> > ${fwcmd} -f flush
> > ${fwcmd} add divert natd all from any to any via xl0
> > ${fwcmd} add pass all from any to any
> >
> > Let me know. Thanks.
>
> something like this in your /etc/pf.conf
>
> scrub in all random-id no-df fragment reassemble
> nat on xl0 from :network to any -> 192.168.101.245
> pass in all
> pass out all
>
> replace with your internal network nic device. also replace the 192.168.101.245 ip with your public/routable ip address.
> --
> Mark Atkinson
> mark-pf at filament dot org
> (!wired)?(coffee++):(wired);
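
The conversion discussed above, written out with macros so that the two site-specific values sit in one place. This is an added example, not part of the original message: the macro names and the internal interface name xl1 are assumptions, while xl0 and 192.168.101.245 are the values used in the thread.

```conf
# /etc/pf.conf -- pf equivalent of the two-rule ipfw/natd setup (added example)

# Macros (names are assumptions made for this example)
ext_if   = "xl0"              # external interface, from the ipfw "via xl0" rule
int_if   = "xl1"              # ASSUMED internal NIC; use your own device name
ext_addr = "192.168.101.245"  # address from the thread; use your public/routable IP

# Packet normalization. The ipfw ruleset has no counterpart for this line.
scrub in all random-id no-df fragment reassemble

# Replaces "add divert natd all from any to any via xl0".
# pf translates in the kernel, so no natd(8) daemon or divert rule is needed.
nat on $ext_if from $int_if:network to any -> $ext_addr

# Replaces "add pass all from any to any": nothing is filtered in either direction.
pass in all
pass out all
```

pf.conf expects statements in this order (macros, scrub, translation, then filter rules), and `pfctl -nf /etc/pf.conf` parses the file without loading it.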