Full Cone NAT In PF
Michael MacLeod
mikemacleod at gmail.com
Tue May 1 13:09:04 UTC 2012
Alright, here's a copy of my pf.conf:
http://pastie.org/private/yt7h3erbowgg4pf5v7fh5a
As for patches... unfortunately I'm not too sharp with C.
On Mon, Apr 30, 2012 at 10:24 PM, Darren Pilgrim
<darren.pilgrim at gmail.com>wrote:
> On 2012-04-30 17:44, Michael MacLeod wrote:
>
>> At the end of the day we could solve it by getting our ISP to route a
>> /29 to their house and using binat (I already have a /29), but it would
>> be nice if there was the option to use 'nat on $wan_if from <lan_net> ->
>> ($wan_if) full-cone' in a ruleset to achieve the correct behaviour.
>>
>
> Patches welcome. :)
>
> Facetiousness aside, you can make the rules more broad, even create "DMZ
> host" rules on a per-remote-IP basis. If you post your pf.conf (a pastie
> URI would be best), we can look and see if there's something amiss.
>
More information about the freebsd-net
mailing list