Simple NAT question

Morgan Reed morgan.s.reed at gmail.com
Sun Jul 8 12:38:36 UTC 2007


I've got an issue with a simple NAT with pf.

I've got two machines:
the first (I will call it m1) has 2 Ethernet interfaces (I will call them
m1.0 and m1.1);
the second (I will call it m2) has 1 Ethernet interface (I will call it m2.0).

m1.0 faces my LAN, m1.1 and m2.0 are on a separate, isolated segment.

What I need to be able to do is to access the "outside world" from m2,
and to be able to get to ports 80, 443 and 3128 on m2 from my LAN by
connecting to ports 80, 443 and 3128 on m1 and having the traffic
forwarded appropriately.

m1.0 - 192.168.0.X/24 (DHCP assigned)
m1.1 - 192.168.1.2/24
m2.0 - 192.168.1.30/24

/etc/pf.conf
=========================================================

ext_if="m1.0"
int_if="m1.1"

nat on $ext_if from !($ext_if) -> ($ext_if:0)

rdr pass on $ext_if proto tcp to port 80 -> 192.168.1.30 port 80
rdr pass on $ext_if proto tcp to port 443 -> 192.168.1.30 port 443
rdr pass on $ext_if proto tcp to port 3128 -> 192.168.1.30 port 3128

pass in keep state
pass out keep state

=========================================================

The current status is as follows:
* I can ping m1.0 from m2
* I can't ping any of the other addresses on the 192.168.0.0/24 network from m2

- tcpdump'ing m1.1:
* Connecting to one of the forwarded ports on m1.0 I see nothing
* Connecting from m2 to a host on the LAN I see the connections going
out but not coming back

Your assistance is greatly appreciated.

Morgan
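An added example, not part of Morgan's post: a small POSIX shell audit of the pf.conf quoted above. The config text is a constructed copy of the one in the post (interface names are the post's placeholders), the function names are my own, and the sysctl it reports is the forwarding switch a FreeBSD host needs before it will pass packets between two interfaces at all; the post does not say whether it is on.

```shell
#!/bin/sh
# Audit helpers for the pf.conf from the post (example code, not the author's).

# Constructed copy of the posted /etc/pf.conf; "m1.0"/"m1.1" are the post's placeholders.
PFCONF='ext_if="m1.0"
int_if="m1.1"

nat on $ext_if from !($ext_if) -> ($ext_if:0)

rdr pass on $ext_if proto tcp to port 80 -> 192.168.1.30 port 80
rdr pass on $ext_if proto tcp to port 443 -> 192.168.1.30 port 443
rdr pass on $ext_if proto tcp to port 3128 -> 192.168.1.30 port 3128

pass in keep state
pass out keep state'

# Count rdr rules whose "to" clause names only a port. With no destination
# address, pf treats the destination as "any", so every matching TCP packet
# that enters the interface is redirected, not only packets addressed to m1.
count_unanchored_rdr() {
    printf '%s\n' "$1" | grep -E '^[[:space:]]*rdr' \
        | grep -Ec '[[:space:]]to[[:space:]]+port[[:space:]]'
}

# Count rdr rules whose destination is pinned to an interface address,
# e.g. "to ($ext_if) port 80" or "to ($ext_if:0) port 80".
count_anchored_rdr() {
    printf '%s\n' "$1" | grep -E '^[[:space:]]*rdr' \
        | grep -Ec '[[:space:]]to[[:space:]]+\(\$?[A-Za-z0-9_]+(:0)?\)[[:space:]]+port'
}

# Rewrite unanchored rdr rules so they only match traffic sent to m1's own
# address. "$ext_if" is inserted literally for pf to expand at load time.
tighten_rdr() {
    printf '%s\n' "$1" \
        | sed -E 's/[[:space:]]to[[:space:]]+port[[:space:]]/ to ($ext_if) port /'
}

# Report net.inet.ip.forwarding, which must be 1 on a FreeBSD router for NAT
# and rdr to pass traffic between m1.0 and m1.1. Prints "unavailable" on a
# host that lacks that sysctl (for example when run on Linux).
forwarding_state() {
    sysctl -n net.inet.ip.forwarding 2>/dev/null || echo unavailable
}

# Stand-alone run: summarize what the audit found.
echo "rdr rules with no destination address: $(count_unanchored_rdr "$PFCONF")"
echo "net.inet.ip.forwarding: $(forwarding_state)"
echo "tightened ruleset:"
tighten_rdr "$PFCONF"
```

Two things a reader can take from this. First, the three `rdr` lines match any destination, so pinning them to `($ext_if)` keeps the redirect limited to connections actually aimed at m1, which is the intent stated in the post. Second, a router whose `net.inet.ip.forwarding` is 0 will accept packets on m1.1 but never forward them, which is consistent with seeing m2's connections leave on m1.1 and nothing come back; checking that sysctl (or `gateway_enable="YES"` in /etc/rc.conf) is the first thing to verify before reading the rules again.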
