学步园

int_if="rl0"
cnc_if="rl2"

internal_net="192.168.0.0/16"

cnc_addr="21.10.4.6"
web_server = "192.168.200.144"
routerip = "192.168.200.101"
intnet = "192.168.0.0/16"

no nat on $int_if from $int_if to $internal_net
nat on $int_if proto tcp from $internal_net to $web_server port www -> ($int_if)
nat on $cnc_if from $internal_net to any -> ($cnc_if)

rdr on $int_if proto tcp from $internal_net to $cnc_addr port www -> $web_server port www
rdr pass on $cnc_if proto tcp from any to $cnc_addr port {20,21,80} -> $web_server