Full Cone NAT In PF
Darren Pilgrim
darren.pilgrim at gmail.com
Tue May 1 02:24:13 UTC 2012
On 2012-04-30 17:44, Michael MacLeod wrote:
> At the end of the day we could solve it by getting our ISP to route a
> /29 to their house and using binat (I already have a /29), but it would
> be nice if there was the option to use 'nat on $wan_if from <lan_net> ->
> ($wan_if) full-cone' in a ruleset to achieve the correct behaviour.
Patches welcome. :)
Facetiousness aside, you can make the rules more broad, even create "DMZ
host" rules on a per-remote-IP basis. If you post your pf.conf (a
pastie URI would be best), we can look and see if there's something amiss.
More information about the freebsd-net
mailing list