
Re: PF and NAT (simple) -(after the advices)



OLD MESSAGE 
Read this if you did not read it before.
######################################################
hi 

System : OpenBSD 3.5 GENERIC i386 

I am trying to connect my PCs to the net over an OpenBSD NAT gateway. 
There are two ethernet interfaces on my OpenBSD box: the external one is "vr0" 
(connected to the internet) and the internal one is "rl0" (connected to the 
switch). 

# echo dhcp > /etc/hostname.vr0 
# echo "inet 192.168.0.1 255.255.255.0 NONE" > /etc/hostname.rl0 
(I also tried 192.168.0.0!) 
Then I edited the /etc/sysctl.conf, /etc/pf.conf and /etc/rc.conf files and added 
the lines below. 

in /etc/sysctl.conf 
---------------------- 
net.inet.ip.forwarding=1 

in rc.conf 
------------ 
pf=YES 

in pf.conf 
------------ 
ext_if="vr0" 
int_if="rl0" 

nat on $ext_if from $int_if:network to any -> ($ext_if) 

And the output of my "pfctl -sn" is 
nat on vr0 from inet 192.198.0.0/24 to any -> (vr0) 

I can connect to the internet from my OpenBSD box, and ping the other machine on 
my network (and also another machine on the internet). But the other machine 
(which I pinged before) cannot connect to the internet! 
What is wrong? Is there a problem with the IP address of rl0? 
If I use dhcp for rl0, the interface cannot get an IP address (I know this from 
the output of "ifconfig -a" and the errors given by PF). 

Thanks for your advice...

####################################
END OF OLD MESSAGE

/etc/pf.conf
-------------------
ext_if="vr0" 
int_if="rl0" 

nat on $ext_if from $int_if:network to any -> ($ext_if) 

pass out on $ext_if from $int_if:network to any keep state
pass in  on $ext_if from any to $int_if:network keep state
---------------------------------------------------------------

Here I should add something: the "pass" lines have just been added, so when I 
sent the first message the "pass" lines were not present (I know this is 
foolish! :( ). 
I also used "any" instead of "$int_if:network". Nothing changes!

IP of ext ethernet interface : successfully given from DHCP
IP of int ethernet interface : 192.168.0.1/24 (from /etc/hostname.rl0)

The assigned IP of other machine in my LAN : 192.168.0.165
Gateway for other machine in my LAN : 192.168.0.1 (my int card) 

The system has been rebooted several times for different trials.
I can ping the other machine in my network and it can also ping me successfully. 
But it cannot reach any web page! And also, it cannot see me from "My Network 
Places"!

The other file configurations can be seen from the "OLD MESSAGE".
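For comparison, here is an added example of the same gateway ruleset written with a default-deny policy in OpenBSD 3.5 pf syntax, with the checks a troubleshooter would run listed as comments. It is not the poster's configuration: only the interface names and the 192.168.0.0/24 network come from the message; the default block, the lo0 and DHCP-client rules and the antispoof line are assumptions added here.

```pf
# Added example, not the original /etc/pf.conf from the message.
# Interface names and the internal network are taken from the message.
ext_if="vr0"
int_if="rl0"
int_net="192.168.0.0/24"

# Normalise packets before NAT and filtering.
scrub in all

# Translate everything leaving the internal network to the dynamic
# address of the external interface (the parentheses track DHCP changes).
nat on $ext_if from $int_net to any -> ($ext_if)

# Default deny, then explicitly pass what the gateway needs (assumed policy).
block in all

# Loopback is always allowed.
pass quick on lo0 all

# Drop packets on the internal interface that claim a source not on that wire.
antispoof for $int_if inet

# DHCP replies for the external interface's own dhclient (assumed rule).
pass in on $ext_if inet proto udp from any port 67 to any port 68

# Internal hosts may talk to the gateway and through it; states make the
# replies come back without a separate inbound rule.
pass in on $int_if from $int_net to any keep state
pass out on $ext_if from any to any keep state

# Checks to run after "pfctl -f /etc/pf.conf" (as root):
#   sysctl net.inet.ip.forwarding      -> must print 1, or nothing is routed
#   pfctl -sn                          -> the NAT network must match
#                                          "ifconfig rl0" exactly (192.168.0.0/24)
#   pfctl -sr                          -> confirm the pass rules actually loaded
#   pfctl -ss                          -> while a LAN host browses, state entries
#                                          for 192.168.0.165 should appear on vr0;
#                                          none means the packets never reach pf
#   tcpdump -ni rl0 port 53            -> a host that pings by address but cannot
#                                          load pages by name needs a working
#                                          resolver; this shows whether it asks one
```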