Lars Nooden wrote:
> Sometimes I have to set up a LAN inside a pre-existing NAT'd LAN and
> traffic from the inner LAN (B) does not make it to the Internet or even
> to final, external interface (4).
>
>          +-------+         +--------+
> LAN B ---+ 1     +         +  Box2  +
>          +  NAT  +         +       4+---> Internet
>          +      2+--LAN A--+3  NAT  +
>          + Box1  +         +        +
>          +-------+         +--------+
>
> What kind of generic change is needed in PF to get from LAN B through to
> the outside?

If the subnets are different, say 192.168.10.0/24 and 192.168.11.0/24,
and each box does its NAT and 'net.inet.ip.forwarding=1' I cannot see
anything that would prevent this from working. Start by tracing how far
the package makes it and what src address it has.

/Alexander

> Setting the IP range for LAN B to match those of LAN A is one option,
> but has to be done each time and also may run the risk of collision on
> some subnets.
>
> Regards
> -Lars
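
The setup described in the reply, written out for Box1 as an added example that is not part of the original thread. The interface names em0/em1 and the mapping of 192.168.10.0/24 to LAN A and 192.168.11.0/24 to LAN B are assumptions; Box2 is assumed to NAT LAN A on interface 4 in the same way.

```pf
# /etc/sysctl.conf on Box1 and Box2 (the setting named in the reply):
#   net.inet.ip.forwarding=1

# /etc/pf.conf on Box1 (inner NAT box)
ext_if = "em0"               # interface 2, on LAN A (assumed name)
int_if = "em1"               # interface 1, on LAN B (assumed name)
lan_b  = "192.168.11.0/24"   # assumed: LAN B; must not overlap LAN A

set skip on lo
block return log             # default deny; drops become visible on pflog0

# Rewrite LAN B sources to Box1's own LAN A address, so Box2 only
# ever sees a 192.168.10.0/24 source and needs no route back to LAN B.
match out on $ext_if inet from $lan_b to any nat-to ($ext_if)

pass in  on $int_if inet from $lan_b
pass out on $ext_if inet

# Tracing how far a packet gets and which source address it carries,
# working outward one interface at a time:
#   sysctl net.inet.ip.forwarding   # expect 1 on both boxes
#   tcpdump -n -i em1 icmp          # Box1 if 1: src is a LAN B host
#   tcpdump -n -i em0 icmp          # Box1 if 2: src is Box1's LAN A address
#   tcpdump -n -e -ttt -i pflog0    # packets hit by "block return log"
#   pfctl -s state                  # NAT states created on this box
# Repeat the tcpdump step on Box2's interfaces 3 and 4; at 4 the source
# should be Box2's external address.
```

If the source seen on interface 2 is still a 192.168.11.0/24 address, the nat-to rule on Box1 is not matching, and Box2 will either not translate it or have no return route for it.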

