Hmm.

Ok. I edited my current nat.conf file and took out some of the examples that
were in there. (Basically just to clean it up a bit, easier to read.)

Here is the entire nat.conf: (I will post the error after I run pfctl -N
/etc/nat.conf)


---------------------------Nat.conf------------------------------------
#           $OpenBSD: nat.conf, v 1.4 2001/07/09 23:20:46 millert Exp $
#
# See nat.conf(5) for syntax and samples
#
#Declare interface
ext_if = "dc0"

nat on $ext_if from 192.168.1.0/24 to any -> $ext_if


Here is the output from two commands:

pfctl -N /etc/nat.conf
/etc/nat.conf:8: syntax error
pfctl: syntax error in file: nat rules not loaded

pfctl -R /etc/nat.conf
/etc/nat.conf:8: syntax error
pfctl: syntax error in rule file: pf rules not loaded

Here is my pf.conf: (no problems here... posting for additional info)

--------------------------pf.conf--------------------------------
#Declare interfaces
ext_if = "dc0"
int_if = "dc1"
NoRoute = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255 }"

#scrub incoming packets
scrub in all

#Block spoofed IP's
block in  quick on $ext_if from $NoRoute to any
block out quick on $ext_if from any to $NoRoute

#Default block/deny rule
block in on $ext_if all

#Let LAN out to internet to access services
block out on $ext_if all
pass  out on $ext_if inet proto tcp all flags S/SA keep state
pass  out on $ext_if inet proto udp all keep state
pass  out on $ext_if inet proto icmp all keep state

That's it.

If you need any additional info, let me know.
Thanks everyone.

Jason


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jolan Luff
Sent: Wednesday, August 14, 2002 10:49 PM
To: [EMAIL PROTECTED]
Subject: Re: NAT problems


On Wed, Aug 14, 2002 at 10:38:01PM -0700, Jason Williams wrote:
> Sure.
>
> Here it is. I edited it some, but I still get an error on the line where the
> nat rules are:
>
> nat on $ext_if from 192.168.1.0/24 to any -> $ext_if
>
> That's it. Very odd if you ask me. :)

okay. your error means there's a problem with line 18 of nat.conf.

is your nat.conf file 18 lines and that's the relevant line? (paste the
whole, unmodified nat.conf).

is $ext_if set? (it has to be set in both nat.conf and pf.conf)

you're doing something weird, and the info you're giving isn't helping
us to track down the issue.

- jolan
