Wednesday, March 6, 2013

OpenBSD firewall NAT rules

1. Source NAT rule:

pass out on [external interface name] from [internal interface name]:network to any nat-to [external interface name]

2. Destination NAT rule:

pass in on [external interface name] proto tcp from [external source ip] to any port 80 rdr-to [internal dst interface]

You also need to add an alias IP on the external interface to take care of ARP requests. A sample config (/etc/hostname.[interface name]) for the interface is as follows:

inet [ipaddress] [mask] [broadcast address]

For the alias IP, add the following line:

inet alias [ipaddress] [mask] [broadcast address]
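
The two rules above filled in as a pf.conf fragment. This is an added example, not part of the original post; the interface names (em0, em1) and all addresses are assumptions taken from documentation and private ranges. It also shows how the alias address interacts with both rules.

```conf
# /etc/pf.conf fragment (added example; names and addresses below are assumed)
ext_if    = "em0"            # external interface (assumed name)
int_if    = "em1"            # internal interface (assumed name)
ext_alias = "203.0.113.10"   # alias address added on $ext_if (documentation range)
web_srv   = "192.168.1.20"   # internal web server (assumed)
allowed   = "198.51.100.7"   # external source allowed in (documentation range)

# 1. Source NAT. ":0" skips alias addresses, so outbound traffic is always
#    translated to the primary address of $ext_if; the parentheses make pf
#    follow the interface if that address changes.
pass out on $ext_if inet from $int_if:network to any nat-to ($ext_if:0)

# 2. Destination NAT, limited to one source and to the alias address
#    instead of "to any".
pass in on $ext_if inet proto tcp from $allowed to $ext_alias port 80 rdr-to $web_srv

# With a default "block" policy the redirected connection must also be
# allowed out of the internal interface.
pass out on $int_if inet proto tcp from $allowed to $web_srv port 80
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading the ruleset.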
