[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    Re: super simple pf.conf that doesn't work as expected.
From:       Daniel Hartmeier <daniel () benzedrine ! cx>
Date:       2008-11-27 15:12:06
Message-ID: 20081127151206.GV29129 () insomnia ! benzedrine ! cx
[Download RAW message or body]

On Wed, Nov 26, 2008 at 12:52:47PM -0600, Patric wrote:

> ext_if = "xl2"
> int_if = "xl1"
> localnet = $int_if:network
> nat on $ext_if from $localnet to any -> ($ext_if)
> pass from { lo0, $localnet } to any keep state
> __________________________
> 
> this is pretty much the most basic natting pf.conf described in "The
> Book of PF" and I can't pass any traffic through it at all, pftop shows
> nothing, and I am starting to doubt my sanity, any help is greatly
> appreciated.

Translation occurs before filtering, so outgoing packets will have
$ext_if as source on the external interface (not $localnet), hence
your pass rule is not matching.

Daniel
[prev in list] [next in list] [prev in thread] [next in thread]