
Re: PF and NAT (simple) -(sysctl.conf has been edited already)



On Fri, Oct 08, 2004 at 09:19:11AM +0300, Fehmi Noyan Isi _EEE01 wrote:
> System : OpenBSD 3.5 GENERIC i386 
>  
> I am trying to connect my PCs to net over an OpenBSD NAT gateway. 
> There are two ethernet interfaces on my openbsd box. external is "vr0" (which 
> is connected to internet) and internal is (which is connected to switch) 
> "rl0". 
>  
> # echo dhcp > /etc/hostname.vr0 
> # echo "inet 192.168.0.1 255.255.255.0 NONE" > /etc/hostname.rl0 
> (I also tried 192.168.0.0!) 
> then edited /etc/sysctl.conf, /etc/pf.conf and /etc/rc.conf files and added 
> the lines below 
>  
> in /etc/sysctl.conf
> ----------------------
> net.inet.ip.forwarding=1
> 
> in rc.conf 
> ------------ 
> pf=YES 
>  
> in pf.conf 
> ------------ 
> ext_if="vr0" 
> int_if="rl0" 
>  
>  nat on $ext_if from $int_if:network to any -> ($ext_if) 
>  
> And the output of my "pfctl -sn" is 
>  nat on vr0 from inet 192.198.0.0/24 to any -> (vr0) 
>  
> I can connect to internet with my openbsd box. And ping the other machine on 
> my network (and also to another machine on the internet). But other machine 
> (which I pinged before) cannot connect to internet! 
> What is wrong? Is there a problem with IP address of rl0? 
what are your filter rules? can you ping the openbsd box from the
internal LAN?

make sure you configured the rules correctly by taking operation
precedence (NAT vs. filtering) into account.
-- 
cheers
- saad.
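
Added example, not part of the original thread: the `pfctl -sn` line quoted in the post lists 192.198.0.0/24 as the NAT source while rl0 was given 192.168.0.1 with netmask 255.255.255.0, so alongside the filter-rule questions above it is worth checking whether any loaded nat rule covers a LAN client at all. The client address 192.168.0.2 and the second rule line are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches the nat rule shape quoted in the post; "inet" is accepted on
# either side of "from" because both orderings are handled here.
NAT_RULE = re.compile(
    r"^\s*nat on (?P<ifname>\S+)(?: inet)? from (?:inet )?(?P<src>\S+)"
    r" to (?P<dst>\S+) -> (?P<target>.+)$"
)

def parse_nat_rules(pfctl_sn_output):
    """Return (interface, source network or None for 'any', raw line) per rule."""
    rules = []
    for line in pfctl_sn_output.splitlines():
        m = NAT_RULE.match(line)
        if not m:
            continue
        src = m.group("src")
        if src == "any":
            net = None
        else:
            try:
                net = ipaddress.ip_network(src, strict=False)
            except ValueError:
                continue  # tables or unresolved macros: not decidable offline
        rules.append((m.group("ifname"), net, line.strip()))
    return rules

def covering_rules(pfctl_sn_output, ext_if, client_ip):
    """List the nat rules on ext_if whose source network contains client_ip."""
    client = ipaddress.ip_address(client_ip)
    return [raw for ifname, net, raw in parse_nat_rules(pfctl_sn_output)
            if ifname == ext_if and (net is None or client in net)]

# The line exactly as quoted in the post.
QUOTED = "nat on vr0 from inet 192.198.0.0/24 to any -> (vr0)"
# Constructed: the rule one would expect for a 192.168.0.0/24 LAN.
CONSTRUCTED = "nat on vr0 inet from 192.168.0.0/24 to any -> (vr0)"
# Constructed LAN client behind rl0.
CLIENT = "192.168.0.2"

if __name__ == "__main__":
    for label, rules in (("quoted", QUOTED), ("constructed", CONSTRUCTED)):
        hits = covering_rules(rules, "vr0", CLIENT)
        print(f"{label}: {CLIENT} translated by {len(hits)} rule(s)")
        for rule in hits:
            print("   ", rule)
```

On the gateway, the same functions can be fed the real output of `pfctl -sn` instead of the embedded strings.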


