I forgot to sysctl net.inet.ip.forwarding=1 lol.
On Sun, Jun 2, 2013 at 8:36 AM, John Tate <[email protected]> wrote:
> I am trying to set up a simple nat on OpenBSD 5.3, I copied from another
> config that is working.
>
> ext_if="em0"
> int_if="em1"
> ipv6="2607:f2f8:aa18::2"
> ipv4="208.79.92.130"
>
> local_net="192.168.1.0/24"
>
> cyrus="192.168.1.2"
>
> cyrus_ports = "{ 2022 }"
>
> tcp_serv = "{ ftp, ssh, http, https, 10000, 2222, 8080, 8022,
> 49151 }"
> icmp_types="echoreq"
>
> set skip on lo0
>
> #ftp proxy
> anchor "ftp-proxy/*"
> pass in quick on $int_if inet proto tcp to port ftp divert-to 127.0.0.1
> port 8021
>
> match out on egress inet from !(egress:network) to any nat-to (egress:0)
>
> pass
>
> block in on ! lo0 proto tcp to port 6000:6010
>
> #block in quick from urpf-failed
>
> block in log
> pass out quick
>
> antispoof quick for { lo $int_if }
>
> pass in on egress inet proto tcp from any to (egress) port $tcp_serv
>
> #FTP
> pass in on $ext_if proto tcp to port 21
> pass in on $ext_if proto tcp to port > 49151
>
> pass in on egress inet proto { tcp udp } to (egress) port $cyrus_ports
> rdr-to $cyrus
>
> pass in inet proto icmp all icmp-type $icmp_types
>
> pass in on $int_if
>
>
> --
> www.johntate.org
>

--
www.johntate.org
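A preflight check for the omission described in the reply above, as an added example that is not part of the original thread: it flags a pf ruleset that translates addresses (`nat-to` / `rdr-to`) when `net.inet.ip.forwarding=1` is not persisted in sysctl.conf. The function names and the sample files are assumptions constructed for illustration; the `nat-to` rule is the one from the quoted config.

```shell
#!/bin/sh
# Added example (not from the thread): does a pf NAT gateway config have
# IPv4 forwarding persisted? Function names here are hypothetical helpers.

# Print a config file with '#' comments removed; a missing file yields nothing.
strip_comments() { sed -e 's/#.*$//' "$1" 2>/dev/null; }

# True if the ruleset contains an active nat-to or rdr-to action.
pf_uses_nat() {
    strip_comments "$1" |
        grep -Eq '(^|[[:space:]])(nat-to|rdr-to)([[:space:]]|$)'
}

# True if sysctl.conf has an uncommented net.inet.ip.forwarding=1 line.
forwarding_persisted() {
    strip_comments "$1" | tr -d ' \t' |
        grep -Eq '^net\.inet\.ip\.forwarding=1$'
}

# Usage: check_nat_forwarding PF_CONF SYSCTL_CONF
# Returns 1 only when NAT rules exist but forwarding is not persisted.
check_nat_forwarding() {
    if ! pf_uses_nat "$1"; then
        echo "ok: no nat-to/rdr-to rules in $1"
        return 0
    fi
    if forwarding_persisted "$2"; then
        echo "ok: NAT rules present and forwarding persisted in $2"
        return 0
    fi
    echo "warn: $1 translates traffic but $2 lacks net.inet.ip.forwarding=1"
    return 1
}

# Constructed sample input: one rule from the quoted config and two
# sysctl.conf variants (setting commented out vs. enabled).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' \
  'match out on egress inet from !(egress:network) to any nat-to (egress:0)' \
  > "$tmp/pf.conf"
printf '%s\n' '#net.inet.ip.forwarding=1' > "$tmp/sysctl.bad"
printf '%s\n' 'net.inet.ip.forwarding=1   # NAT gateway' > "$tmp/sysctl.good"

check_nat_forwarding "$tmp/pf.conf" "$tmp/sysctl.bad" || true
check_nat_forwarding "$tmp/pf.conf" "$tmp/sysctl.good"
```

On the gateway itself the files to pass are /etc/pf.conf and /etc/sysctl.conf; the value the running kernel is using is shown by `sysctl net.inet.ip.forwarding`.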

