Pf-Beginner help with using Binat & Nat with several machines

JC Janos jcjanos245 at gmail.com
Thu Oct 23 18:16:05 UTC 2008


Hello,

I have a small office that I'm expanding my IT for, and the
off-the-shelf Netgear router I had just wasn't flexible enough.
Especially after it died!  :-)

After reading up, and talking to some technical folks, I decided it
was time to upgrade to a FreeBSD pf firewall.

With a bit of reading and trial and error, I've now managed to get a
simple firewall running, including basic NAT stuff.  It looks pretty
powerful!

But now I'm really stuck at understanding the more advanced NAT &
binat for directing traffic to/from specific servers, etc.

Here's what I want to do.  I'm hoping someone here might be able to help?


I have a "/29 block" of static IP addresses (X.X.X.104 to X.X.X.111)
provided by my ISP.

The "main" address is X.X.X.110.  Right now, all my internet traffic
appears as if it's coming to & from that address.

In my office I have three machines that I want to have communicate to
& from one of the other IPs, X.X.X.109.  Those machines are using the
internal NAT addresses of 192.168.1.10, 192.168.1.11 & 192.168.1.12.


To do this, I think I need both nat & binat, and from what I
understand, I should add the following to my "pf.conf" file --

 # macros: interfaces, the two public addresses, the three internal hosts
 wanIF    = "tun0"
 lanIF    = "sis0"
 wanIP_1  = "X.X.X.110"
 wanIP_2  = "X.X.X.109"
 server_1 = "192.168.1.10"
 server_2 = "192.168.1.11"
 server_3 = "192.168.1.12"

 # binat: bidirectional (1:1) translation of each server to X.X.X.109
 binat on $wanIF from $server_1 to any -> $wanIP_2
 binat on $wanIF from $server_2 to any -> $wanIP_2
 binat on $wanIF from $server_3 to any -> $wanIP_2

 # nat: outbound-only translation of each server to X.X.X.109
 nat   on $wanIF from $server_1 to any -> $wanIP_2
 nat   on $wanIF from $server_2 to any -> $wanIP_2
 nat   on $wanIF from $server_3 to any -> $wanIP_2

But the thing that confuses me is that binat is supposedly "1:1
mapping", and I'm worried that using all three binat lines is going to
cause some sort of collision or confusion.

My head's spinning from reading up on this.  I've managed to get more
confused from all the examples, and I'm just not sure how to go about
this.

Any helpful suggestions would be appreciated a lot!


Thanks a lot,

JC
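Editor's note, with an added example that is not part of the original post. The worry in the post is well founded: binat is a one-to-one mapping with no port rewriting, and for translation rules pf uses the first matching rule, so three binat lines pointing at the same external address would all rewrite outbound traffic to X.X.X.109 but only the first would decide where inbound traffic to X.X.X.109 goes, and two hosts using the same source port could collide. The usual way to have several internal hosts share one public address is many-to-one nat for the outbound direction (pf rewrites source ports) plus one rdr per service for the inbound direction. The fragment below uses the macros from the post and the pre-4.7 nat/rdr/binat syntax the post is written in; the LAN prefix, the service ports and which server gets which port are assumptions for illustration.

```pf
# Added example, not the poster's config.  Old-style pf translation syntax.
# Macros copied from the post; lanNET and the port assignments are assumed.
wanIF    = "tun0"
lanIF    = "sis0"
lanNET   = "192.168.1.0/24"
wanIP_1  = "X.X.X.110"
wanIP_2  = "X.X.X.109"
server_1 = "192.168.1.10"
server_2 = "192.168.1.11"
server_3 = "192.168.1.12"
# a list macro, built by string concatenation as pf.conf(5) shows
shared   = "{" $server_1 $server_2 $server_3 "}"

# --- outbound: first matching translation rule wins, so the specific
#     rule for the three servers must come before the catch-all
nat on $wanIF from $shared to any -> $wanIP_2     # three hosts, one address, ports rewritten
nat on $wanIF from $lanNET to any -> $wanIP_1     # everyone else appears as X.X.X.110

# --- inbound: a shared address cannot be inverted 1:1, so say per service
#     which internal host receives connections to X.X.X.109 (ports assumed)
rdr on $wanIF proto tcp from any to $wanIP_2 port 80  -> $server_1
rdr on $wanIF proto tcp from any to $wanIP_2 port 25  -> $server_2
rdr on $wanIF proto tcp from any to $wanIP_2 port 443 -> $server_3

# --- filtering happens after translation, so pass rules name the
#     internal addresses; flags S/SA is spelled out so it does not depend
#     on the pf version's defaults
pass in on $wanIF proto tcp from any to $server_1 port 80  flags S/SA keep state
pass in on $wanIF proto tcp from any to $server_2 port 25  flags S/SA keep state
pass in on $wanIF proto tcp from any to $server_3 port 443 flags S/SA keep state
pass out on $wanIF from $lanNET to any keep state

# --- alternative: if one server should own X.X.X.109 outright (both
#     directions, all ports, no port rewriting), binat is the right tool,
#     but then that host must be removed from $shared and only one host
#     can map to the address.  Shown disabled so it does not conflict above.
# binat on $wanIF from $server_1 to any -> $wanIP_2
```

Before loading, check the file parses with `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf` and confirm the order of the translation rules with `pfctl -s nat`; `pfctl -s state` will show the outbound states carrying X.X.X.109 as the translated source once a server makes a connection.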


More information about the freebsd-pf mailing list