|
|||
OpenBSD pf NAT question
I'm confused about how NAT is working. I currently have the following line:
match out on $ext_if from !(egress:network) to any nat-to $default_out Which works. $default_out is one of the static IP addresses assigned to $ext_if. However, I have certain systems that I want to go out of a different IP address (I have five statics). I tried this: match out on $ext_if from 172.16.111.1 to any nat-to $static2 where $static2 is a different static address. After loading the ruleset, when I browse with 172.16.111.1, when I google "ip" it shows the address from $default_out. I've tried adding the quick keyword to the $static2 NAT and moving it above the $default_out NAT but no beans. Why isn't this working? Is there another way I can NAT specific internal addresses to external addresses other than $default_out? TIA |
|
|||
Welcome!
It would help if the following would be provided: $ sysctl kern.version ...as there is no information about what version of OpenBSD is used. pf(4) has gone through significant changes in the last several releases, so knowing what version you are using is important. |
|
|||
You got it:
# sysctl kern.version kern.version=OpenBSD 5.1 (GENERIC.MP) #207: Sun Feb 12 09:42:14 MST 2012 deraadt@amd64.openbsd.org:/usr/src/s...ile/GENERIC.MP |
|
|||
I'm not sure I understand. Are you saying I need to use pass rules instead of match?
|
|
||||
Yes, if I've understood the problem correctly. Let's see if I understand:
Code:
pass This rule allows the packet to be transmitted. If the packet was previously matched by a match rule where parameters were specified, they will be applied to this packet. pass rules may have their own parameters; these take priority over parameters specified in a match rule. |
|
|||
That did it! pass rule worked! Thanks!
|
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
OpenBSD Packages question | shep | OpenBSD Packages and Ports | 4 | 9th March 2011 03:27 AM |
Question about installing OpenBSD as Firewall | afcelie | OpenBSD Installation and Upgrading | 12 | 3rd January 2011 09:18 PM |
OpenBSD release to -current: Xenocara question | IronForge | OpenBSD Installation and Upgrading | 4 | 1st September 2009 05:44 PM |
Enlightenment e17 on OpenBSD (Question about current ports) | uptonm | OpenBSD Packages and Ports | 2 | 17th June 2009 09:12 PM |
external drive partition question + fdisk question | gosha | OpenBSD General | 15 | 15th June 2009 02:00 PM |