Hi All, I'm trying to set up a new router/firewall for multiple VLANs including one VLAN that must be NAT and I seem to be running into an odd issue.
OS is OpenBSD 4.7-BETA; Jan 27, 2010 snapshot from ftp.openbsd.org

/etc/hostname.em0
------------------
up

/etc/hostname.em0
------------------
up

/etc/hostname.vlan301
------------------
inet 1.2.3.4 255.255.255.0 vlan 301 vlandev em0 description "Uplink"

/etc/hostname.vlan303
------------------
inet 10.0.0.254 255.255.255.0 vlan 303 vlandev em0 description "NAT"

/etc/pf.conf
--------------
#skip filtering on loopback
set skip on lo

# NAT VLAN 303 traffic on our Uplink VLAN
nat on vlan301 from vlan303:network to any -> (vlan301)

pass # to establish keep-state

So, starting with a very simple rule set, however, pfctl -nf /etc/pf.conf complains that the "nat on" line is incorrect. I used the similar example from http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&arch=i386&apropos=0&manpath=OpenBSD+Current

Am I missing something here? It would seem that this would map all VLAN 303 (10.0.0.0/24) addresses to VLAN 301 (1.2.3.4) address. Has the syntax changed and even -current documentation isn't correct?

---
James A. Peltier
[email protected]
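
Added example, not part of the original post: starting with OpenBSD 4.7, pf no longer accepts standalone nat rules, and translation is written as a nat-to action on a match or pass rule. The rule set from the post, rewritten in that form with the post's own interface names, can be checked with the same pfctl -nf /etc/pf.conf command:

```conf
# /etc/pf.conf in OpenBSD 4.7 syntax (added example, reusing the
# vlan301/vlan303 names from the post above)

# skip filtering on loopback
set skip on lo

# Pre-4.7 form, rejected by the 4.7 parser:
#   nat on vlan301 from vlan303:network to any -> (vlan301)

# 4.7 form: NAT VLAN 303 traffic leaving on the Uplink VLAN.
# "match" only attaches the translation to matching packets;
# it does not pass or block them by itself.
match out on vlan301 from vlan303:network to any nat-to (vlan301)

# Alternative: translate and pass in a single rule instead of
# relying on the separate pass rule below.
#   pass out on vlan301 from vlan303:network to any nat-to (vlan301)

# Stateful pass; packets matched above leave with the vlan301 address.
pass
```

Translation now happens in rule order, so any filter rule placed after the match rule sees the already translated source address on vlan301.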

