Thread: Pf.conf issues
#6
Old 3rd January 2011
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 7,983

Thank you. Again, please edit your post above, and remove reference to your 84.x.x.x addresses, for reasons of limiting exposure to future attack.

---

Your test system has three /24 subnets, and uses the same address for the final octet: 192.168.{1,7,9}.231/24 -- and based on the test PF configuration you provided at the top of this thread, you are using subnet 1 as an external network, and subnet 7 as an internal network. Subnet 9 is not involved yet.
  • Confirm you have already turned on IP forwarding as described in FAQ 6.2.7.
Bi-directional NAT has undergone changes over the years. As of 4.7, internally it no longer exists. Instead, it creates a standard NAT rule outbound, and a port forwarding or complete redirection inbound. However, the pf.conf rules are such that you can code address pools and translate entire subnets with a single line. To use your simple example from above, the single rule in pf.conf:
Code:
pass from 192.168.7.232 to any binat-to 192.168.1.1
converts to the following set of rules internally:
Code:
pass out inet from 192.168.7.232 to any flags S/SA keep state nat-to 192.168.1.1 static-port
pass in inet from any to 192.168.1.1 flags S/SA keep state rdr-to 192.168.7.232
The follow-on nat-to rule you had would have replaced the first nat-to, as it would be the last matching rule. I assume the rdr-to would still have been in place.

Please let me know if you are still confused. If there is something that is not working correctly, please, be very clear when you ask again, and include details of what is not working.

Last edited by jggimi; 3rd January 2011 at 09:19 PM.
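For readers following this thread, here is a complete pf.conf that puts the single binat-to rule from the post above into the test layout it describes (192.168.1.231/24 as the external side, 192.168.7.231/24 as the internal side, 192.168.7.232 translated to 192.168.1.1). This is an added example, not code from jggimi's post or from the OpenBSD project; the interface names em0 and em1, the macro names, and the surrounding pass/match rules are assumptions chosen for illustration. It uses OpenBSD 4.7-or-later syntax.

```pf
# Added example (not from the original post). Interface names are assumed;
# substitute the ones ifconfig shows on the test box.
ext_if = "em0"                 # assumed: carries 192.168.1.231/24, the "outside"
int_if = "em1"                 # assumed: carries 192.168.7.231/24, the "inside"
inside_host  = "192.168.7.232"
public_alias = "192.168.1.1"   # packets for this address must actually reach
                               # $ext_if: if it is not the interface address,
                               # add it as an alias so the box answers ARP for it

# IP forwarding is a sysctl, not a PF setting: net.inet.ip.forwarding=1
# in /etc/sysctl.conf (see the FAQ section referenced in the post).

set skip on lo

# The one bi-directional rule. PF expands it into an outbound nat-to with
# static-port plus an inbound rdr-to, exactly as shown in the post.
pass on $ext_if from $inside_host to any binat-to $public_alias

# Ordinary outbound NAT for the rest of the inside subnet. It is placed
# *after* the binat-to line on purpose: $inside_host is also in
# $int_if:network, and, as the post notes, the last matching translation
# wins, so a nat-to for this host that appeared below the binat-to line
# would replace the outbound half of the binat.
match out on $ext_if from $int_if:network to any nat-to ($ext_if)

pass in  on $int_if
pass out on $ext_if
```

To see the expansion without loading anything, run `pfctl -nvf /etc/pf.conf`: it parses the file and prints the rules as PF would load them, so the nat-to/rdr-to pair derived from the binat-to line is visible before it goes live. Swap the order of the binat-to and match lines and run the same command to confirm which translation ends up last for 192.168.7.232.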