Hey all, I'm a bit confused with all the help I'm getting. Let's just backtrack for a second. I have an external interface (dc1) which is the internet. I get connected via dhclient. All goes well so far. Before pf, I enable dhcpd to two interfaces, (dc0 and ral0). This goes fine as well. I've tested both interfaces and I can ssh into the firewall from both interfaces. So far so good.
Once I enable pf with the given ruleset, all of a sudden I can't ping domains. The DNS server of the external interface (ISP) is 192.168.1.1. I use Sprint DSL (no PPPoE required) (will change to UVA T1 Ethernet) and their DNS server is 192.168.1.1. Like I said, I'm not running a nameserver on the firewall, so all I would have to do is forward the nameserver that the external interface retrieves to the internal interface(s). Something goes wrong in pf, which all of you have pointed out already. I need pf to do NAT. So, now the question is, can I do NAT from one interface to two internal interfaces? Or would I have to modify it and do ext_if --> NAT --> int_if --> NAT --> wir_if (wireless interface)?

Also, Jason, what do I snip and what do I keep exactly? It's kind of unclear. Do I snip the priv_nets declaration? 192.168.1.1 is outside the firewall. It's the ISP's nameserver. The question is, why can't I ping domains (google.com) right after I enable pf? Also, in dhcpd.conf, do I need to have the statement "option domain-name-servers 192.168.1.1" to tell the dhcp clients of the internal interfaces that the nameserver they will be using is the ISP's?

Karl, "This one tries to do NAT on all IPs not coming from any internal and wifi address pool?!" What do you mean by that? I can't do NAT to two interfaces from ext_if? Do I have to NAT from dc1 to dc0 and then dc0 to ral0? Also, nat on $ext_if from !($ext_if) -> ($ext_if:0), what exactly does this do? Looking at it, I don't see int_if and wir_if to which it does NAT.

Sorry to bother you guys like this. I'm a newbie in OpenBSD as well as pf. Thanks a lot, though.

Vivek
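The NAT question in the post, shown as an added pf.conf example rather than anything the poster or the people replying actually wrote. It uses the old-style nat rule syntax the post quotes (OpenBSD releases before 4.7; from 4.7 on the same translation is written as a match rule with nat-to). The interface names dc1, dc0 and ral0 and the ISP resolver 192.168.1.1 come from the post; the two internal address ranges are assumptions. Translation rules must come before filter rules, and a single nat rule can list both internal networks, so no second NAT hop between dc0 and ral0 is needed. The filter section then explicitly passes DHCP, DNS to the ISP resolver, ssh to the firewall, and outbound traffic from both LANs, which is what a block-by-default ruleset otherwise silently drops:

```pf
# Added example, not the original poster's ruleset.
# Interface roles follow the post: dc1 = Internet, dc0 = wired LAN, ral0 = wireless.
ext_if = "dc1"
int_if = "dc0"
wir_if = "ral0"
int_net = "192.168.10.0/24"   # assumed wired LAN range
wir_net = "192.168.20.0/24"   # assumed wireless LAN range
isp_dns = "192.168.1.1"       # ISP nameserver from the post

set skip on lo

# Translation: one rule covers both internal networks. ($ext_if) in
# parentheses is re-evaluated when dhclient changes the external address.
nat on $ext_if from { $int_net, $wir_net } to any -> ($ext_if)

# Filter: default deny inbound, allow the firewall's own outbound traffic.
block in all
pass out keep state

# DHCP requests from LAN clients to the firewall's dhcpd (udp 68 -> 67).
pass in on { $int_if, $wir_if } inet proto udp from any port 68 to any port 67

# ssh to the firewall from each internal network.
pass in on $int_if inet proto tcp from $int_net to ($int_if) port 22 keep state
pass in on $wir_if inet proto tcp from $wir_net to ($wir_if) port 22 keep state

# DNS from the LANs to the ISP resolver (tcp and udp 53).
pass in on { $int_if, $wir_if } inet proto { tcp, udp } \
    from { $int_net, $wir_net } to $isp_dns port 53 keep state

# Everything else from the LANs out to the Internet (NATed by the rule above).
pass in on { $int_if, $wir_if } from { $int_net, $wir_net } to any keep state
```

Load it with `pfctl -f /etc/pf.conf` and check the translation with `pfctl -s nat`; `pfctl -s state` shows whether the DNS lookups from a client are actually creating states. On the dhcpd side, `option domain-name-servers 192.168.1.1;` in the subnet declarations of dhcpd.conf is the standard ISC dhcpd way to hand the ISP resolver to the clients on both internal interfaces.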