On Tue, 21 Aug 2007, Darren Reed wrote:
> Tobias Nygren wrote:
>> On Tue, 21 Aug 2007 09:55:54 -0400 (EDT)
>> Alicia da Conceicao <alicia@engine.ca> wrote:
>> 
>> > Greetings:
>> > > Does anyone know if there is any type of application proxy for ipfilter
>> > and SIP on NetBSD?
[snip]
>> I could never get my SIP phone to work with ipfilter and NAT, however
>> I did manage to get it to work with pf(4), using the setup below.
>> The static-port keyword was the magic I needed.
>> 
>> ext_if = "tap0"
>> sip_ports = "{3478:3479, 5060:5061, 10000:10007}"
>> sip_ip = "172.18.1.66/32"
>> nat on $ext_if from $sip_ip to any -> $ext_if static-port
>> rdr on $ext_if proto udp from any to $ext_if port $sip_ports -> $sip_ip
>> pass in quick on $ext_if inet proto udp from any to any port $sip_ports
>
> The only part that IPFilter is incapable of here is expressing
> the above in so few rules.

Darren, can you give us a quick recipe-book entry based on the above so 
that it'll be here if people Google for it later?

-- 
Stephen