From owner-freebsd-pf@FreeBSD.ORG  Tue Dec 14 23:14:59 2004
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 36ED616A4CE
	for <freebsd-pf@freebsd.org>; Tue, 14 Dec 2004 23:14:59 +0000 (GMT)
Received: from mxsf15.cluster1.charter.net (mxsf15.cluster1.charter.net
	[209.225.28.215])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CE90E43D2D
	for <freebsd-pf@freebsd.org>; Tue, 14 Dec 2004 23:14:58 +0000 (GMT)
	(envelope-from pathiaki@pathiaki.com)
Received: from mxip04.cluster1.charter.net (mxip04a.cluster1.charter.net
	[209.225.28.134])iBENEvQD030594
	for <freebsd-pf@freebsd.org>; Tue, 14 Dec 2004 18:14:57 -0500
Received: from cpe-66-189-12-20.ma.charter.com (HELO pc4.atlantisservices.com)
	(66.189.12.20)  by mxip04.cluster1.charter.net with ESMTP;
	14 Dec 2004 18:14:57 -0500
X-Ironport-AV: i="3.87,143,1099285200"; 
   d="scan'208"; a="496306588:sNHT16223420"
From: "Paul J. Pathiakis" <pathiaki@pathiaki.com>
Organization: Pathiakis Home
To: freebsd-pf@freebsd.org
Date: Tue, 14 Dec 2004 18:15:20 -0500
User-Agent: KMail/1.7.1
References: <BAY103-DAV17C00EC3123282040DE4DFE2AC0@phx.gbl>
In-Reply-To: <BAY103-DAV17C00EC3123282040DE4DFE2AC0@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200412141815.20614.pathiaki@pathiaki.com>
Subject: Re: NAT works but port forwarding does not
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical discussion and general questions about packet filter (pf)
	<freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Dec 2004 23:14:59 -0000


> 
> My network setup
> 
> Internet <----> em0 | FreeBSD | em1 <----->  LAN
> 
> 
> my pf.conf file only has:
> 
> ext_if="em0"
> int_if="em1"
> webserver="192.168.1.54"
> 
> nat on $ext_if from $int_if:network to any -> ($ext_if)
> rdr on $ext_if from any to any port 80 -> $webserver
> 
> 

If Antonio's solution works, forget the below.  However, it seems to me
that there should be a way of allowing the internal card to talk to the external card

It seems to me that outgoing nat works, but nothing about incoming traffic being
allowed to traverse from the external if/lan to the internal if/lan was ever put in place.

# Pass in quick any packets destined for the gateway 
pass in quick on $ext_if from $int_if:network to $ext_if

(again, just trying to help, and I'm NEW to pf)

P.