--- On Mon, 2/1/10, James Peltier <[email protected]> wrote:

> From: James Peltier <[email protected]>
> Subject: -CURRENT, VLANs, NAT
> To: "OpenBSD Mail List" <[email protected]>
> Received: Monday, February 1, 2010, 7:27 PM
> Hi All,
>
> I'm trying to setup a new router/firewall for multiple
> VLANs including one VLAN that must be NAT and I seem to be
> running into an odd issue.
>
> OS is OpenBSD 4.7-BETA; Jan 27, 2010 snapshot from
> ftp.openbsd.org
>
> /etc/hostname.em0
> ------------------
> up
>
> /etc/hostname.em0
> ------------------
> up
>
> /etc/hostname.vlan301
> ------------------
> inet 1.2.3.4 255.255.255.0 vlan 301 vlandev em0 description "Uplink"
>
> /etc/hostname.vlan303
> ------------------
> inet 10.0.0.254 255.255.255.0 vlan 303 vlandev em0 description "NAT"

Please note a mistype. The VLAN device for this VLAN is em1 and not em0. It should read this

inet 10.0.0.254 255.255.255.0 vlan 303 vlandev em1 description "NAT"

> /etc/pf.conf
> --------------
>
> #skip filtering on loopback
> set skip on lo
>
> # NAT VLAN 303 traffic on our Uplink VLAN
> nat on vlan301 from vlan303:network to any -> (vlan301)
>
> pass # to establish keep-state
>
> So, starting with a very simple rule set, however, pfctl
> -nf /etc/pf.conf complains that the "nat on" line is
> incorrect. I used the similar example from
>
> http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&arch=i386&apropos=0&manpath=OpenBSD+Current
>
> Am I missing something here? It would seem that this
> would map all VLAN 303 (10.0.0.0/24) addresses to VLAN 301
> (1.2.3.4) address. Has the syntax changed and even
> -current documentation isn't correct?
> ---
> James A. Peltier [email protected]

