2009/2/23 Jason Dixon <jason@dixongroup.net>:
quoted text
> ##########################################################
> 00 ext_if = "sk0"
> 01 int_if = "sk1"
> 02
> 03 set skip on lo
> 04
> 05 scrub in
> 06
> 07 nat on $ext_if from $int_if:network to any -> ($ext_if:0)
> 08
> 09 block in log all
> 10 pass in on $int_if inet keep state
> ##########################################################

I tried this and I'm afraid it doesn't work. I can't ping anymore,
neither from my own box nor from the firewall. This setup is basically
what I also found in the books I have, I guess. :-(

DHCP works (i.e. my box gets an IP from the DHCP daemon on the
firewall) and I can see maradns receiving requests from localhost (the
firewall) and from the int_if (my box) when I try to ping something.
It's all blocked by the firewall, though.

I don't think it should matter but the only "special" thing about my
setup is that my external IP is on 192.168.1.0/24. Yes, that's my
*external* network. No more IPv4 address shortages for my ISP. :-)

Please also see my next reply.