View Single Post
  #1   (View Single Post)  
Old 12th August 2012
nekoneko nekoneko is offline
New User
Join Date: Aug 2012
Posts: 3
Default Configuring PF for NAT

I'm trying to set up pf on OpenBSD 5.1 to act as a router, but am having some trouble.

I have two network interfaces:
- urtw0 (internet)
- em0 (trusted internal network)

I want to route all traffic from the em0 network to the internet, and allow SSH connections from em0 to sshd on the OpenBSD box. All other ports should be closed.

My pf.conf looks like this:

block in
pass out on egress from em0:network to any nat-to (egress)
pass in on em0 proto tcp to self port 22

... But with these rules, I can't get to the internet from em0. If I change the last rule in pf.conf to:

pass in on em0

...then it works fine. I don't know much about pf (I'm more of an iptables person), but it looks like I need to actually open the ports I want to route. I don't want to open all ports on em0 - I only want port 22 to be open.

How can I do this?

Reply With Quote