Subject: Re: Firewall rules for NAT w/ DHCP outside address
To: <>
From: Sam Carleton <scarleton@miltonstreet.com>
List: tech-security
Date: 07/21/2001 04:25:25
gabriel,

Thank you.  I have two more questions:


1:  I am a bit confused about dealing with the NAT/DHCP issue.  What has me
stumped is that if I want to do a:

block in log quick on tun0 proto tcp from any to <internal network> port = 23
or
block out log quick on tun0 proto tcp from <internal network> to any port = 23

What do I put in for the internal network?  The IP is assigned via DHCP.  Is
my only choice to use any?
2: I need to redirect some incoming requests.  I am running a web server and
mail server on a machine behind the firewall and I would like incoming
requests to be redirected to that machine.  How do I configure NAT to do that?

Sam

gabriel rosenkoetter wrote:

> On Fri, Jul 20, 2001 at 07:15:26PM -0400, Sam Carleton wrote:
> > block in log quick on tun0 proto tcp from any to 20.20.20.0/24 port = 23
> >
> > I simply want to block incoming port 23 to the tun0 interface, how do I
> > go about doing that?  For that matter, I would like to block ALL traffic
> > on tun0 of port 23.
>
> Presuming you do want the tcp part included and understand (and
> want) quick:
>
> block in log quick on tun0 proto tcp from any to any port = 23
>
> --
>        ~ g r @ eclipsed.net
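
An added, illustrative IPFilter configuration for the setup asked about in
this thread (it is an editor's example, not part of the original exchange or
a reply from the list).  It assumes a private LAN of 192.168.1.0/24 behind
the firewall, a single host 192.168.1.10 running both the web and mail
server, and tun0 as the DHCP-addressed outside interface; all three values
are invented for the example.  The first file is ipnat.conf, the second
ipf.conf.  Inside the LAN the addresses are fixed even though the outside
address changes, so the filter rules can name the internal hosts directly;
for the outside address, ipnat's "0/32" means "whatever address the
interface currently has", which avoids hard-coding the DHCP lease.

```conf
# --- ipnat.conf (NAT rules; example only) ---
# Hide the LAN behind the current address of tun0.  "0/32" stands for the
# interface's own address, so the rule survives a new DHCP lease.
map tun0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
map tun0 192.168.1.0/24 -> 0/32

# Forward inbound web and SMTP connections arriving on tun0 to the internal
# server.  "0/0" matches any destination address, i.e. whatever the outside
# address happens to be.  Only tcp is redirected.
rdr tun0 0/0 port 80 -> 192.168.1.10 port 80 tcp
rdr tun0 0/0 port 25 -> 192.168.1.10 port 25 tcp

# --- ipf.conf (filter rules; example only) ---
# Block telnet in both directions on tun0, as discussed above.  Inbound
# packets are translated by NAT before they reach the filter, so an inbound
# rule sees the internal destination address, not the outside address.
block in log quick on tun0 proto tcp from any to any port = 23
block out log quick on tun0 proto tcp from 192.168.1.0/24 to any port = 23

# Allow only what the rdr rules forward, and only new connections that
# are then tracked by the state table.
pass in quick on tun0 proto tcp from any to 192.168.1.10 port = 80 flags S keep state
pass in quick on tun0 proto tcp from any to 192.168.1.10 port = 25 flags S keep state

# Let the LAN initiate outbound connections and keep state for the replies.
pass out quick on tun0 proto tcp from 192.168.1.0/24 to any flags S keep state
pass out quick on tun0 proto udp from 192.168.1.0/24 to any keep state

# Everything else arriving on the outside interface is dropped and logged.
block in log quick on tun0 all
```

Two points worth checking after loading these with ipnat -f and ipf -f: the
rdr rules expose 192.168.1.10 to the whole Internet on ports 25 and 80, so
the mail server should not be an open relay, and the order of the filter
rules matters because of "quick" (the first matching rule wins).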