On Sun, Jul 28, 2002 at 04:58:25PM -0700, Jason Williams wrote:
> OpenBSD 3.1 Firewall/Gateway, running PF and NAT.

You probably want a nat.conf like this

    ExtIf = "dc0"
    nat on $ExtIf inet from 192.168.0.0/16 to any -> $ExtIf

> pass out quick on $ExtIf proto tcp/udp from 192.168.1.0/16 to any keep
> state
> pass out quick on $ExtIf proto icmp from 192.168.1.0/16 to any keep
> state

NAT'ed packets will have their source address already translated when
they are filtered, so this should be

    pass out quick on $ExtIf inet proto { tcp, udp, icmp } \
        from $ExtIf to any keep state

or

    pass out quick on $ExtIf inet proto tcp from $ExtIf to any keep state
    pass out quick on $ExtIf inet proto udp from $ExtIf to any keep state
    pass out quick on $ExtIf inet proto icmp from $ExtIf to any keep state

> pass out quick on $ExtIf proto icmp from 192.168.1.0/16 to any icmp-type 8
> keep state

This is already covered by the above icmp rule.

Daniel
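
Added example, not part of the original message and not PF code: a small Python model of the order the reply describes (translation first, then filtering on the external interface), run against the quoted pass rule and the reply's pass rule. The address 203.0.113.5 for dc0, the leading block rule and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: dc0 holds 203.0.113.5 (constructed documentation address).
EXT_ADDR = ipaddress.ip_address("203.0.113.5")
NAT_FROM = ipaddress.ip_network("192.168.0.0/16")  # source range in the nat rule
ALL = ("tcp", "udp", "icmp")

def rule(action, protos, src, quick=False):
    # strict=False accepts a network written with host bits set (192.168.1.0/16)
    net = ipaddress.ip_network(src, strict=False)
    return {"action": action, "protos": set(protos), "from": net, "quick": quick}

# Assumption: both rulesets begin with a block rule; the page shows only pass rules.
BLOCK_ALL = rule("block", ALL, "0.0.0.0/0")
QUOTED_RULES = [BLOCK_ALL, rule("pass", ALL, "192.168.1.0/16", quick=True)]
REPLY_RULES = [BLOCK_ALL, rule("pass", ALL, "203.0.113.5/32", quick=True)]

def translate(src):
    """Model of the nat rule: internal sources leave with the interface address."""
    addr = ipaddress.ip_address(src)
    return EXT_ADDR if addr in NAT_FROM else addr

def filter_out(rules, proto, src):
    """Last matching rule wins; a matching 'quick' rule ends evaluation."""
    action = "pass"  # a packet that matches no rule is passed
    for r in rules:
        if proto in r["protos"] and src in r["from"]:
            action = r["action"]
            if r["quick"]:
                break
    return action

def outbound(rules, proto, internal_src):
    """Translate first, then filter, in the order the reply describes."""
    return filter_out(rules, proto, translate(internal_src))

if __name__ == "__main__":
    for name, rules in (("quoted", QUOTED_RULES), ("reply", REPLY_RULES)):
        for proto in ALL:
            print(name, proto, outbound(rules, proto, "192.168.1.10"))
```

With the quoted rule the translated packet only hits the block rule, because its source is no longer inside 192.168.0.0/16 by the time the filter sees it.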