Never mind, I sorted out my issue. The carp1 interface had multiple IPs assigned and PF was pulling the last one. Adding a carp_ip variable and changing the NAT statement makes it work:

nat on $cable_if from $lan_net to any -> $carp_ip

This does make me wonder, though, more generally about when to use the carp interface versus the physical interface in PF. Does anyone know of a guide or a good rule of thumb?

Thanks!

:: elliott barrere :: 206.855.7011 ::
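For reference, a constructed pf.conf fragment that puts the fix above in context (outbound NAT to the shared CARP address, applied on the physical WAN interface). This is an added example, not configuration from the thread; the interface names, addresses and the vhid are assumptions.

```pf
# Constructed example: a pf CARP pair that NATs LAN traffic to the shared
# WAN address. em0/em1/em2, 203.0.113.10 and vhid 1 are illustrative only.
cable_if = "em0"            # physical WAN interface (carp1 parent)
lan_if   = "em1"            # physical LAN interface
sync_if  = "em2"            # dedicated link for pfsync
lan_net  = $lan_if:network
carp_ip  = "203.0.113.10"   # shared WAN address carried by carp1 (vhid 1)

# Translation address is the explicit CARP IP, as in the working rule above.
# With several addresses on carp1, -> ($carp_if) picked the wrong one, so the
# address is spelled out and NAT is applied on the interface packets leave on.
nat on $cable_if from $lan_net to any -> $carp_ip

# CARP advertisements (IP protocol 112) and pfsync (protocol 240) must pass,
# or the pair fails over spuriously and states are never replicated.
pass quick on { $cable_if $lan_if } proto carp keep state
pass quick on $sync_if proto pfsync keep state

pass in  on $lan_if   from $lan_net to any keep state
pass out on $cable_if from $carp_ip to any keep state
```

Check the result with `pfctl -s nat` and `pfctl -s state`: translated states should show the CARP address as the source and appear on the backup node as well once pfsync is passing.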



On Jul 28, 2009, at 1:56 PM, Elliott Barrere wrote:

Hi everyone, please excuse my noobiness.

I have a basic firewall setup with CARP running on the LAN and WAN interfaces. CARP and pfsync seem to be functioning properly. The problem is I can't seem to figure out how to make pf NAT from the internal network to the carp1 interface IP on the outside (packets always end up coming from the IP of the physical interface in question).

I thought I could do something like:

nat on $carp_if from $lan_net to any -> ($carp_if)

but that doesn't work. Can anyone provide me examples of a setup using CARP and NAT? I feel like this should be pretty common...


Thanks!

:: elliott barrere :: 206.855.7011 ::




_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"