I am trying to set up a simple NAT on OpenBSD 5.3. I copied the rules below
from another config that is working.
# pf.conf for a NAT gateway: em0 faces outside, em1 faces the internal network.
# pf evaluates rules top to bottom and the LAST matching rule wins, unless a
# matching rule is marked "quick", which stops evaluation at that rule.

# Macros: outside and inside interfaces.
ext_if="em0"
int_if="em1"
# NOTE(review): ipv6, ipv4 and local_net are defined but not referenced by
# any rule shown in this listing.
ipv6="2607:f2f8:aa18::2"
ipv4="208.79.92.130"
local_net="192.168.1.0/24"
# Internal host that receives the rdr-to redirect near the end of the ruleset,
# and the port list that is redirected to it.
cyrus="192.168.1.2"
cyrus_ports = "{ 2022 }"
# TCP ports accepted on the firewall's own egress address (see the rule that
# uses $tcp_serv). The "> 49151" entry opens every TCP port above 49151 to any
# source -- presumably for passive FTP data ports; confirm, and narrow it to
# the range the FTP server is actually configured to use.
tcp_serv = "{ ftp, ssh, http, https, 10000, 2222, 8080, 8022, > 49151 }"
# ICMP type allowed inbound: echo request (ping).
icmp_types="echoreq"
# Do no filtering at all on the loopback interface.
set skip on lo0
#ftp proxy
# The anchor is where ftp-proxy(8) inserts its own rules at run time.
anchor "ftp-proxy/*"
# Divert FTP control connections arriving on the internal interface to a
# proxy listening on 127.0.0.1 port 8021.
# NOTE(review): the rule below is split across two lines ("port 8021" stands
# alone), which looks like mail wrapping; in the real file it has to be a
# single line or end with a backslash continuation.
pass in quick on $int_if inet proto tcp to port ftp divert-to 127.0.0.1
port 8021
# NAT: IPv4 traffic leaving via the egress group whose source is not in the
# egress network is rewritten to the first address of the egress interface.
match out on egress inet from !(egress:network) to any nat-to (egress:0)
# NOTE(review): bare "pass" without "quick". Because the last match wins, the
# "block in log" below supersedes it for inbound packets, and "pass out quick"
# decides outbound ones.
pass
# Block TCP ports 6000-6010 (X11) on every interface except lo0. Not "quick",
# so a later matching pass rule would still override it.
block in on ! lo0 proto tcp to port 6000:6010
# NOTE(review): the uRPF check below is commented out, so source-address
# validation relies only on the antispoof rule further down, which covers
# lo and $int_if but not the external interface.
#block in quick from urpf-failed
# Default deny for inbound traffic, with logging. Inbound packets are allowed
# only if a later pass rule (or an earlier quick rule) matches them.
block in log
# Allow all outbound traffic and stop rule evaluation for it.
pass out quick
# Drop packets that claim a source address belonging to the lo or $int_if
# networks but arrive on a different interface.
antispoof quick for { lo $int_if }
# Services reachable on the firewall's own egress address over IPv4 TCP.
pass in on egress inet proto tcp from any to (egress) port $tcp_serv
#FTP
# NOTE(review): the two rules below give no destination address and no
# address family, so they match TCP to port 21 and to every port above 49151
# for ANY destination arriving on $ext_if, IPv6 included -- broader than the
# $tcp_serv rule above, which is limited to inet and (egress). Restrict them
# the same way unless the wider match is intended.
pass in on $ext_if proto tcp to port 21
pass in on $ext_if proto tcp to port > 49151
# Redirect TCP and UDP port 2022 arriving for the egress address to the
# internal host $cyrus.
# NOTE(review): "rdr-to $cyrus" is on its own line here, which looks like mail
# wrapping; it must be part of the pass rule above it. Both tcp and udp are
# redirected -- confirm that udp is needed.
pass in on egress inet proto { tcp udp } to (egress) port $cyrus_ports
rdr-to $cyrus
# Allow inbound IPv4 ICMP echo requests on any interface.
pass in inet proto icmp all icmp-type $icmp_types
# Accept everything arriving on the internal interface (no restriction on
# protocol, port or destination).
pass in on $int_if
--
www.johntate.org