    i'm migrating a pf firewall to an iptables setup.

    i have two pf nat rules,

      nat on $wanIF from $smtpLAN              to any port{25,465,587} -> $smtpWAN
      nat on $wanIF from $smtpLAN port{25,587} to any                       -> $smtpWAN

    that i'm unclear how to deal with in FWB.

    in NAT policy, columns are,


    which don't seem to map 1:1 to the src/prt specs in PF.

    rather than guessing, what'd be the correct implementation in FWB/iptables of those PF rules?

    Vadim Kurland

    The part after "from" goes to the "original source" and the part after "->" goes to the "translated source". To describe port translation you need to create a TCP service object with the corresponding port numbers and put it in the "original service". You need two sets of TCP service objects for these two rules. One set of three separate TCP service objects should have destination port 25, 465 and 587 and should be used with rule 1. The other, with source port 25 and 587, in rule 2.

    You can place the outside interface in the "Outbound Interface" rule element, but if you don't, the compiler will try to guess it for you by matching IP addresses used in the rule against addresses of interfaces.

    Fwbuilder comes with many typical TCP service objects in the Standard objects library. I suggest you look in it for the TCP service objects you need first and then create those that are not there.

    Users Guide explains NAT rules in more detail:
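
Added example, not part of the original posts, the Users Guide, or Firewall Builder's compiler output: hand-written iptables source-NAT rules that follow the mapping described in the answer above (original source, translated source, TCP service matched on destination ports for rule 1 and on source ports for rule 2). The interface name and both addresses are constructed placeholders standing in for $wanIF, $smtpLAN and $smtpWAN, and `snat_rule` is a hypothetical helper that prints each command instead of applying it.

```shell
#!/bin/sh
# Added example: hand-written iptables equivalents of the two pf nat rules.
# All values below are constructed placeholders (documentation address ranges).
WAN_IF="eth0"              # assumed name of the outside interface ($wanIF)
SMTP_LAN="192.0.2.10"      # placeholder for $smtpLAN
SMTP_WAN="203.0.113.25"    # placeholder for $smtpWAN

# snat_rule <dst|src> <comma-separated ports>
# Prints one POSTROUTING rule: "dst" matches destination ports (pf rule 1),
# "src" matches source ports (pf rule 2). Protocol is TCP, as in the answer.
snat_rule() {
    side=$1
    ports=$2
    case $side in
        dst) flag="--dports" ;;
        src) flag="--sports" ;;
        *)   echo "snat_rule: side must be dst or src" >&2; return 1 ;;
    esac
    # Reject anything that is not a comma-separated list of valid port numbers.
    old_ifs=$IFS; IFS=,
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) IFS=$old_ifs; echo "snat_rule: bad port '$p'" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; echo "snat_rule: port out of range '$p'" >&2; return 1
        fi
    done
    IFS=$old_ifs
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $SMTP_LAN -p tcp" \
         "-m multiport $flag $ports -j SNAT --to-source $SMTP_WAN"
}

# Rule 1: from $smtpLAN to any port {25,465,587} -> $smtpWAN
snat_rule dst 25,465,587
# Rule 2: from $smtpLAN port {25,587} to any -> $smtpWAN
snat_rule src 25,587
```

Review the printed commands before running them as root; the rules that Firewall Builder generates for the same policy may be laid out differently.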