Network Address Translation

Note: This page is for people still using OpenBSD versions below 3.0 or OpenBSD versions above 2.9 patched to include IPFilter support. This page will be restructured soon.

To enable NAT, enable ipfilter and ipnat in /etc/rc.conf and edit /etc/ipnat.rules to reflect your needs.

An example follows. rl0 is the external interface, connected to the internet.

Proxy outgoing FTP connections from the intranet:

map rl0 192.168.0.0/24 -> rl0/32 proxy port ftp ftp/tcp

Redirect ports 8022 and 8080 on the external interface to ports 22 and 80 on an internal host:

rdr rl0 0.0.0.0/0 port 8022 -> 192.168.0.8 port 22
rdr rl0 0.0.0.0/0 port 8080 -> 192.168.0.8 port 80

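Two NAT rules to let the intranet transparently talk with the internet. The first maps TCP and UDP traffic onto source ports 10000 to 20000; the second covers all remaining traffic: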

map rl0 192.168.0.0/24 -> rl0/32 portmap tcp/udp 10000:20000
map rl0 192.168.0.0/24 -> rl0/32
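
A small lint for rule files laid out like the ones above, added here as an example and not part of the original page or of IPFilter. It assumes map rules are evaluated top to bottom with the first match winning, so a proxy or portmap rule placed after a plain map for the same network would never be reached; lint_ipnat is a hypothetical helper name. It also lists every rdr rule so each forwarded port can be checked against the filter rules.

```sh
#!/bin/sh
# Added example (not from the original page): lint ipnat rules.
# Assumption: map rules are evaluated top to bottom, first match wins, so
# the order proxy -> portmap -> plain map must be preserved.

# lint_ipnat < rules
#   ORDER ...  a proxy/portmap rule placed after a more general map rule
#              for the same interface and source network
#   RDR ...    every inbound redirection, for review against filter rules
lint_ipnat() {
    awk '
        BEGIN { name[1] = "proxy"; name[2] = "portmap" }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        $1 == "map" && $4 == "->" {
            rank = 3                     # 3 = plain map, the most general
            for (i = 6; i <= NF; i++) {
                if ($i == "proxy")   { rank = 1; break }
                if ($i == "portmap") { rank = 2; break }
            }
            key = $2 " " $3              # interface + source network
            if ((key in seen) && rank < seen[key])
                printf "ORDER line %d: %s rule for %s follows a more general map rule\n", NR, name[rank], $3
            if (!(key in seen) || rank > seen[key])
                seen[key] = rank
        }
        # Layout used on this page: rdr IF ADDR/MASK port N -> HOST port M
        $1 == "rdr" && $4 == "port" && $6 == "->" && $8 == "port" {
            printf "RDR %s port %s -> %s port %s\n", $2, $5, $7, $9
        }
    '
}

# Constructed input: the page's rules with the two map rules swapped.
lint_ipnat <<'EOF'
map rl0 192.168.0.0/24 -> rl0/32
map rl0 192.168.0.0/24 -> rl0/32 portmap tcp/udp 10000:20000
rdr rl0 0.0.0.0/0 port 8022 -> 192.168.0.8 port 22
EOF
```

Run it as `lint_ipnat < /etc/ipnat.rules`; rules written in any other layout are skipped rather than reported.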

More coming soon.
