#
# $Id: ipnat.rules,v 1.1 2002/11/14 20:24:19 raptor Exp $
#
# ipnat.rules v1.0 - Sample IPFilter NPAT rules file
# Copyright (c) 2001 Raptor
#
# Sample rules for the configuration of NAT and Proxies
# provided with the stateful packet filter IPFilter,
# with detailed comments. Tested on OpenBSD 2.9.
#
# Change it to fit your local configuration.
#

#########################################################
# Port redirect
#
# Uncomment the following rules to redirect all traffic
# from the specified external ports to an internal
# host. This example redirects the NetBIOS and HTTP
# protocols.
#
# NetBIOS (for simplicity we open tcp/udp on all ports).
#
#rdr de0 0.0.0.0/0 port 137 -> 192.168.100.8 port 137 tcp/udp
#rdr de0 0.0.0.0/0 port 138 -> 192.168.100.8 port 138 tcp/udp
#rdr de0 0.0.0.0/0 port 139 -> 192.168.100.8 port 139 tcp/udp
#
# HTTP (tcp is surely enough).
#
#rdr de0 0.0.0.0/0 port 80 -> 192.168.100.4 port 80

#########################################################
# Application Proxy: FTP
#
# Activate the FTP proxy for the masqueraded hosts below.
# Remember to always place application proxy rules
# before any portmap rules, otherwise they will not work.
#
map de0 192.168.100.0/24 -> 0/32 proxy port ftp ftp/tcp

#########################################################
# IP Masquerading (many-to-one mapping)
#
# Masquerade the hosts in the 192.168.100.0/24 CIDR,
# mapping TCP and UDP source ports to the port range
# 20000-30000.
#
map de0 192.168.100.0/24 -> 0/32 portmap tcp/udp 20000:30000
map de0 192.168.100.0/24 -> 0/32

#########################################################
# Bi-directional NAT (one-to-one mapping)
#
# Uncomment the following rule to publish an internal
# IP address to the external network. Remember that to
# be genuinely useful, bimap should be used in conjunction
# with either proxy arp, or ifconfig(8) aliases. See
# the ipnat(8) man page for details.
#
#bimap de0 192.168.100.2/32 -> 195.1.2.2/32