Open BSD Nat configuration not working.

[bharathpaul]

Hi,

I am new to Open BSD and trying to explore PF in open BSD.
I am trying to do NAT. I don't know, what i am missing in the configuration. Below is my topology.

node1 (eth1) -------- (re0) BSD (re1) ------------- (eth2) node2

IP:
node1 eth1's IP: 120.100.1.1
BSD re0's IP: 120.100.1.2
BSD re1's IP: 121.100.1.2
node2 eth2's IP: 121.100.1.1

BSD has another interface that is connected to other machines and i dont want to apply any rule over that interface as it is my default gateway. I wanted to perform the tests only on re0 and re1.

My intention is to mask my node1's IP with the different IP when i am trying to communication with node2.


Below is my pf.conf file:

Code:

int_if="re0"
wan_if="re1"

# options
set skip on lo


# match rules

match out on $wan_if inet from ($int_if:network) to any nat-to 19.1.1.0/24

I initiated ICMP ping from node1 and checked the packets in wireshark at node2. No address translation happened.

If someone helps me in figuring out the issue, it would be really really great.


OPEN BSD version: OpenBSD 5.6 (GENERIC)

[jggimi]

Hello, and welcome!

Assuming $wan_if is your "external" interface, where you want NAT to be applied, try:

Code:

match out on $wan_if from !($wan_if) nat-to ($wan_if)

The first use of $wan_if is with "on", and refers to the interface specifically.
The next two uses of $wan_if are interpreted by PF as the network address of the interface, and are in parenthesis because the address is dynamic, and may change.

Your nat-to line had the wrong interface in parenthesis, and listed a specific external address which may change.

If your ISP provides you with a static address, you could remove the parenthesis from $wan_if.

[bharathpaul]

Hello,

Thanks for the response. I am stuck into some other stuffs. So I could not test and reply to you now. Don't mind please.

Thanks,
Bharath. P