First thing I have to do is enable packet forwarding:
# echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
# echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf
I guess I should play with IPv6 some time; anyway, let's go nattin'.
/etc/pf.conf
# Macros: external (tunnel) and internal interfaces, LAN prefix, forwarded ports.
# NOTE(review): the ext_if value has a trailing space inside the quotes; this
# looks like a paste artifact - confirm against the live file.
ext_if = "tun0 "
int_if = "vr0"
# NOTE(review): int_net is defined but no rule shown here references it.
int_net = "vr0:network"
lan_net = "192.168.9.0/24"
# TCP ports redirected to 192.168.9.14 by the rdr rule below.
momos = "{ 993 25 22 }"
# TCP ports redirected to 192.168.9.6 by the rdr rule below.
pigs = "{ 80 222 }"
# nat on $int_if to any -> $(ext) - ppp is natting for me
# even though my IP is fixed, it's still assigned by dhcp
# NOTE(review): a table declaration needs a name in angle brackets
# (table <NAME> const { self }); the name appears to have been lost when the
# page was rendered - restore it from the original file.
table const { self }
# Leave loopback traffic unfiltered.
set skip on lo0
# it doesn't like the next line
# scrub in all
# Default deny. Without "quick" the last matching rule wins, so the pass
# rules further down override this for the traffic they match.
block all
# Drop inbound packets that fail the unicast reverse-path check; "quick"
# makes this decision final, so no later pass rule can re-admit them.
block in quick from urpf-failed
# LAN hosts may talk through the internal interface in both directions.
pass in on $int_if from $lan_net to any
pass out on $int_if from any to $lan_net
# Outbound traffic on the external interface. "modulate state" only affects
# TCP; pf falls back to ordinary state tracking for udp and icmp.
pass out on $ext_if proto { tcp udp icmp } all modulate state
# NOTE(review): "to ! port ssh" is missing the negated address or <table>
# (probably stripped together with the table name above); as shown the rule
# is incomplete.
# NOTE(review): the later "pass in ... port $momos" rule also matches port 22
# and comes last, so it - not this rule - would decide how ssh connections are
# handled; the synproxy state here may never take effect. Check with pfctl -sr.
pass in on $ext_if proto tcp from any to ! port ssh synproxy state
# Port forwards, logged. Each rdr is paired with a pass rule, because
# "block all" would otherwise drop the redirected connections.
# NOTE(review): these pass rules accept any source and any destination on the
# listed ports, which exposes ssh and smtp to the whole internet. With this
# older rdr syntax the filter presumably sees the rewritten destination, so
# "to 192.168.9.14" / "to 192.168.9.6" would be a tighter match - confirm.
# NOTE(review): translation rules appear after filter rules here; validate the
# file with pfctl -nf /etc/pf.conf before loading it.
rdr log on $ext_if proto tcp from any to any port $momos -> 192.168.9.14
pass in on $ext_if proto tcp from any to any port $momos
rdr log on $ext_if proto tcp from any to any port $pigs -> 192.168.9.6
pass in on $ext_if proto tcp from any to any port $pigs