#
# Interface:
# fxp1 - external to cable modem
#
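# NAT policy:
# + Use IP Filter FTP proxy
# + Use IP Filter IKE proxy (rule present but commented out)
# + Use IP Filter RealAudio proxy (rule present but commented out)
# + NAT UDP and TCP packets from internal hosts to external IP
# + NAT ICMP packets from internal hosts to external IP
# + Redirect inbound DNS, mail and HTTP/HTTPS to an internal host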
#
# share and enjoy,
# artem@avator.org.ua
# May 5, 2005
#
# ------------------------------------------------------------
# Use the ipfilter FTP proxy for active-mode FTP transfers started
# from the firewall itself. (The example rule names ep1, not fxp1.)
# ------------------------------------------------------------
#map ep1 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
# ------------------------------------------------------------
# Use ipfilter FTP proxy for hosts behind NAT doing active-mode
# transfers.
#
# The proxy rewrites the address in the client's PORT command and
# lets the server's data connection back in, so it is scoped here
# to a single internal host (/32) rather than the whole LAN.
# Keep this rule above the portmap rules: ipnat uses the first
# matching map rule, and a portmap match would bypass the proxy.
# "внутр" / "внешний" are placeholders (Russian for "internal" /
# "external"); replace them with real addresses before loading.
# ------------------------------------------------------------
map fxp1 внутр/32 -> внешний/32 proxy port ftp ftp/tcp
# -----------------------------------------------------------
# Use the ipfilter IKE proxy so that hosts behind NAT can pass ESP
# packets. Requires IP Filter 3.4.21 or later.
# -----------------------------------------------------------
#map fxp1 внутр/24 -> внешний/32 proxy port 500 ipsec/udp
# -----------------------------------------------------------
# Use the ipfilter RealAudio proxy for hosts behind NAT.
# (The example rule names ep1 and 192.168.1.0/24; adjust both
# before enabling it.)
# -----------------------------------------------------------
#map ep1 192.168.1.0/24 -> 0.0.0.0/32 proxy port 7070 raudio/tcp
# -----------------------------------------------------------
# -----------------------------------------------------------
# -----------------------------------------------------------
# -----------------------------------------------------------
# Map all internal UDP and TCP traffic to the external IP address
#
# Each rule rewrites the source port into the listed range on the
# external address.
# NOTE(review): ipnat applies the first matching map rule. If the
# /32 hosts below lie inside the /24 of the first rule, the /24
# rule wins and the 30000:31000 / 33000:33100 ranges are never
# used; host-specific rules would have to come first. Likewise,
# two /32 rules for the same host leave the second one unused.
# Confirm against the real addresses behind the placeholders.
# -----------------------------------------------------------
#map fxp1 внутр/24 -> внешний/32 portmap tcp/udp 40000:45000
map fxp1 внутр/24 -> внешний/32 portmap tcp/udp 45000:50000
map fxp1 внутр/32 -> внешний/32 portmap tcp/udp 30000:31000
map fxp1 внутр/32 -> внешний/32 portmap tcp/udp 33000:33100
# -----------------------------------------------------------
# Map all other traffic e.g. ICMP to the external IP address
#
# No protocol or portmap is given, so this rule matches any packet
# from the /24. It has to stay below the portmap rules; otherwise
# TCP/UDP would match here first and leave without port translation.
# -----------------------------------------------------------
map fxp1 внутр/24 -> внешний/32
# -----------------------------------------------------------
# DNS
#
# Redirect DNS queries (UDP and TCP port 53) arriving at the
# external address to the internal name server.
# rdr only rewrites the destination; the packet filter rules
# (ipf.conf) still decide whether the traffic is passed, and on
# inbound packets they see the translated (internal) address.
# NOTE(review): the server becomes reachable from the Internet;
# restrict recursion to internal clients so it cannot be used as
# an open resolver.
# -----------------------------------------------------------
rdr fxp1 внешний/32 port 53 -> внутр port 53 udp
rdr fxp1 внешний/32 port 53 -> внутр port 53 tcp
# -----------------------------------------------------------
# Mail: SMTP (25), POP3 (110), IMAP (143)
#
# Redirect inbound mail connections on the external address to
# the internal mail host.
# NOTE(review): POP3 and IMAP on these ports carry credentials in
# cleartext unless the server enforces STARTTLS; consider
# publishing only the TLS ports (995/993) instead. Port 25 open
# to the Internet also requires the server to refuse relaying.
# -----------------------------------------------------------
rdr fxp1 внешний/32 port 25 -> внутр port 25 tcp
rdr fxp1 внешний/32 port 110 -> внутр port 110 tcp
rdr fxp1 внешний/32 port 143 -> внутр port 143 tcp
# -----------------------------------------------------------
# HTTP
#
# Redirect inbound HTTP (80) and HTTPS (443) on the external
# address to the internal web server.
# NOTE(review): if that host sits on the same segment as the
# internal clients, a compromise of the web server gives direct
# access to the LAN; a separate DMZ interface would limit this.
# -----------------------------------------------------------
rdr fxp1 внешний/32 port 80 -> внутр port 80 tcp
rdr fxp1 внешний/32 port 443 -> внутр port 443 tcp