Thread: PF and LAN
#2, 25th March 2009
J65nko (Administrator)

Code:
   INTERNET
       |
       |
-------|------------
    external
  192.168.1.9
           
     NBSD
    router
        
  192.168.2.1        
    internal
-------|------------
       |
       |
       |
    switch 
  internal Lan
  192.168.2.0/24

Your internal LAN clients should have 192.168.2.1 as their default gateway. The default gateway is always on the same net as the client using the default gateway.

Your NAT rule is not correct. You should NAT on the external interface:
Code:
nat on $ext_if from $localnet to any -> ($ext_if)
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
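
The NAT rule from the post above, placed in a minimal pf.conf for the diagrammed topology. This is an added example, not part of the original post; the interface names fxp0 and fxp1 and the filter rules are assumptions, and only the addresses and the nat line come from the post.

```pf
# /etc/pf.conf fragment (added example; interface names are assumed)

# --- macros ---
ext_if   = "fxp0"             # assumed name: external side, 192.168.1.9
int_if   = "fxp1"             # assumed name: internal side, 192.168.2.1
localnet = "192.168.2.0/24"   # internal LAN from the diagram

# --- translation ---
# NAT is applied where packets leave towards the Internet, i.e. on the
# external interface. ($ext_if) in parentheses makes pf follow the
# interface's current address instead of fixing it at load time.
nat on $ext_if from $localnet to any -> ($ext_if)

# --- filtering (assumed policy: default deny inbound on the outside) ---
block in on $ext_if all

# LAN clients may send traffic through the router
pass in on $int_if from $localnet to any keep state

# Translation happens before filtering on the way out, so forwarded
# packets already carry the external address as source here.
pass out on $ext_if from ($ext_if) to any keep state

# Checks after editing:
#   pfctl -nf /etc/pf.conf     parse the ruleset without loading it
#   pfctl -f /etc/pf.conf      load it
#   pfctl -s nat               show the loaded translation rules
#   tcpdump -n -i fxp0         packets from the LAN should leave with
#                              source 192.168.1.9, not 192.168.2.x
# The router must also forward IP packets
# (sysctl net.inet.ip.forwarding=1).
```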