perhaps someone here can help.. I need some information in making a openbsd 3.3 box a router w/ nat and a firewall..

I think most of us have setup enough firewalls to help with that :D

If you give us some more detail like the networks your looking at, it wouldnt be hard to write one up quick.

What are you looking to do? Post your goals, preferably along with a diagram of what your network will look like with this OpenBSD box in it. Hopefully one of us should be able to help you.

ok i'm doing a little research... i'm planing in the future to switch my fbsd server over to obsd.

Here's what i want it to do...

Router / Firewall And needs NAT

it will be routing for 3 pc's and connecting to our fine vpn.

basic services will be used.. chrooted apache, dhcp server, etc....

the ouside iface is dhcp and the internal interface is 10.0.2.1/24

nat rules will be something like:

*by the way the nat rules are just so i can use voip for socom's headset*

[code:1:a6b9f20e52]
#rdr sis0 0.0.0.0/0 port 5150 -> 192.168.1.105 port 5150 udp

#map sis0 192.168.1.0/24 -> 0/32 portmap udp 5999:7000

#rdr sis0 proto udp from 192.168.1.105/32 port 5999 >< 7000 to any -> sis0 static-port
#rdr on sis0 proto udp from any to any port 6000:6999 -> 192.168.1.105 port 6000:*
#pass out on sis0 proto { tcp, udp, icmp } from any to any keep state
#pass in on sis0 proto udp from any to any port 5999 >< 7000
[/code:1:a6b9f20e52]

Heres a basic setup to get you started...
Once I layout my setup for the VPN I can show you examples of that too.


# OpenBSD 3.3
#macros
ext_if = " your interface "
int_if = " your interface "
tcp_services = "{ your tcp ports here }"


#tables
table <noroute> const { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12,
10.0.0.0/8 }


#options
set optimization aggressive
set loginterface $ext_if

scrub in all fragment reassemble

#NAT and RDR rules
nat on $ext_if from $int_if:network to any -> ($ext_if)
your rdr rules here.....


#default Deny all
block log all

#allow loopback traffic
pass quick on lo0 all


block in quick on $ext_if from <noroute> to any
block out quick on $ext_if from any to <noroute>

pass in on $ext_if inet proto tcp from any to ($ext_if) port
$tcp_services flags S/SAFR keep state
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SAFR
pass out on $ext_if proto { udp, icmp } all keep state

sweet thanks