From: s m
To: freebsd-pf
Date: Thu, 18 Apr 2013 16:50:50 +0430
Subject: access inside systems from outside

Hello everybody,

I am a newbie in pf and NAT and have a conceptual problem with it. I enabled inside NAT and it works properly (inside addresses are NATed to external ones). I can ping outside systems from inside, but not in the reverse direction.

My question is: is this the true behavior? I mean, when we have inside NAT, should just inside systems access outside systems, and outside ones not access inside ones? In Cisco we can access inside systems from outside when inside NAT is configured.

Please help me clear my mind and understand what the correct manner is.

Thanks in advance,
sam