1st November 2011
J65nko

# --- NAT
# translate everything not sourced from the external interface to its address
nat on $ext_if from !($ext_if) -> ($ext_if)

# --- EXTERNAL interface 
# --- OUT
pass out quick on  $ext_if all keep state flags S/SA

# -- INTERNAL interface
# --- IN & OUT
pass        quick on  $int_if all keep state flags S/SA

# default block and log
block log all

This will do NAT for the internal network, only pass out traffic on the external interface, and pass out/in traffic on the internal interface.

You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
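
How the filter rules in the post above are evaluated, as an added example that is not part of the original post: a simplified Python model of pf's matching (state lookup first, then the first `quick` match wins, otherwise the last match). The interface names and addresses are constructed, and NAT rewriting is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

EXT_IF, INT_IF = "em0", "em1"  # assumed values for $ext_if / $int_if

@dataclass(frozen=True)
class Rule:
    action: str                # "pass" or "block"
    direction: Optional[str]   # "in", "out", or None for both directions
    iface: Optional[str]       # None matches any interface
    quick: bool = False
    log: bool = False

# The three filter rules, in the order they appear in the post.
RULES = [
    Rule("pass", "out", EXT_IF, quick=True),   # pass out quick on $ext_if
    Rule("pass", None, INT_IF, quick=True),    # pass quick on $int_if
    Rule("block", None, None, log=True),       # block log all
]

def evaluate(direction, iface, rules=RULES):
    """Return (action, logged) for a packet that matches no existing state."""
    verdict = ("pass", False)  # pf passes a packet that no rule matches
    for rule in rules:
        if rule.direction not in (None, direction):
            continue
        if rule.iface not in (None, iface):
            continue
        verdict = (rule.action, rule.log)  # last matching rule wins ...
        if rule.quick:
            break                          # ... unless it is marked quick
    return verdict

class Firewall:
    """Simplified 'keep state': replies to a passed flow skip the ruleset."""
    def __init__(self):
        self.states = set()

    def packet(self, direction, iface, src, dst):
        if (iface, dst, src) in self.states or (iface, src, dst) in self.states:
            return ("pass", False)         # matched an existing state entry
        action, logged = evaluate(direction, iface)
        if action == "pass":
            self.states.add((iface, src, dst))
        return (action, logged)
```

Packets that come back as `("block", True)` are the ones that would show up on the pflog interface.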