Example NAT Rules # Scenario: Two network interfaces; one connected to internal 192.168.0.XXX # network, other connected externally to the Internet. Suppose the internal # interface is named ep1 and the external interface is named xl0. The # following mapping will provide the internal network with Internet # connectivity for tcp/udp traffic (note the ep1 name is not used; instead # its network address is used): map xl0 192.168.0.0/24 -> xl0/32 portmap tcp/udp 10000:20000 # map all tcp connections from network 10 to the address of the first ppp0 # interface (which can be dynamically assigned prior to use of ipnat) map ppp0 10.0.0.0/8 -> ppp0/32 portmap tcp/udp 10000:20000 # map all tcp connections from network 10 into addresses of network 240.1.0 map ppp0 10.0.0.0/8 -> 240.1.0.0/24 portmap tcp/udp 10000:60000 # map all tcp connections from 10.1.0.0/16 to 240.1.0.1, changing the source # port number to something between 10,000 and 20,000 inclusive. For all other # IP packets, allocate an IP # between 240.1.0.0 and 240.1.0.255, temporarily # for each new user. # map ed1 10.1.0.0/16 -> 240.1.0.1/32 portmap tcp 10000:20000 map ed1 10.1.0.0/16 -> 240.1.0.0/24 # # Redirection is triggered for input packets. # For example, to redirect FTP connections through this box, to the local ftp # port, forcing them to connect through a proxy, you would use: # rdr ed0 0.0.0.0/0 port ftp -> 127.0.0.1 port ftp #