#
# Incoming NAT plus reverse (source) NAT so that an IP camera can be reached
# from the uplinks without the camera needing a default gateway or any other
# special configuration.
#
# Rick van der Zwet
#
# Syntax note: the stand-alone nat/rdr rules below are the older pf
# translation grammar (still used by FreeBSD; OpenBSD 4.7 and later use
# nat-to/rdr-to instead). Confirm against the pf version that loads this file.
#
# Security posture as written: this ruleset translates addresses but denies
# nothing. There is no "block" rule, and the closing pass rules admit every
# packet in both directions on both uplinks, so any service listening on this
# host is reachable from the uplink networks. The camera's web interface is
# published on TCP 8081 of both uplinks to any source address.
#

# --- Interfaces and addresses -----------------------------------------------
wired_uplink="sis0"
wireless_uplink="wlan0"
# Both uplinks as one list, so rules that treat them alike are written once.
uplinks="{" $wired_uplink $wireless_uplink "}"
int_if="bridge0"
# NOTE(review): not referenced by any rule in this file. The value pairs a
# host address with a /8 prefix; confirm the intended network before using it.
int_network="10.2.81.1/8"
camera_ip="10.2.81.228"

# --- Options ----------------------------------------------------------------
# Loopback traffic bypasses pf entirely.
set skip on lo0

# --- Normalisation ----------------------------------------------------------
# Normalise inbound packets on every interface ("in all", not only the
# uplinks) and reassemble fragments before translation and filtering.
scrub in all fragment reassemble

# --- Translation ------------------------------------------------------------
# Outbound source NAT, one rule per uplink because each translates to its own
# address. The parentheses make pf track address changes on the interface;
# the :0 modifier leaves interface aliases out.
# NOTE(review): neither rule has a "from" clause, so they match any source
# address leaving the uplink, not only hosts behind $int_if.
nat on $wired_uplink -> ($wired_uplink:0)
nat on $wireless_uplink -> ($wireless_uplink:0)

# Reverse NAT towards the camera: requests to the camera's port 80 that leave
# through the internal interface are given this host's internal address as
# their source, so the camera answers on-link and needs no gateway.
# Consequence: the camera sees every client as this host. Source-address
# restrictions and access logs on the camera cannot tell clients apart, so
# per-client filtering or logging has to happen on this machine.
nat on $int_if from any to $camera_ip port 80 -> ($int_if:0)

# Publish the camera: TCP 8081 arriving on either uplink is redirected to the
# camera's HTTP port. "rdr pass" admits the redirected connection directly,
# without evaluating the filter rules below.
# NOTE(review): the source is "any" and the target is presumably plain HTTP,
# so camera credentials would cross the uplink unencrypted. Restricting the
# source to known client addresses and adding logging here would compensate
# for the attribution lost through the reverse NAT above.
rdr pass on $uplinks proto tcp from any to any port 8081 -> $camera_ip port http

# --- Filtering --------------------------------------------------------------
# Deliberately permissive: no firewall policy is configured.
# Internal interface: pass everything, stop evaluating further rules, and
# create no state entries.
pass quick on $int_if no state
# Uplinks: pass everything outbound and inbound, statefully.
# NOTE(review): the inbound rule is unrestricted; a default "block in" on the
# uplinks plus explicit passes for the services that are actually needed would
# turn this into an enforcing policy.
pass out on $uplinks keep state
pass in on $uplinks keep state