Hi again.
The NIC I use for connecting to the internal network has the IP 10.0.1.1, so I thought that I was covered with the NAT rule, but this part works now. But how do I filter on which connections I want to accept out from this box? If the "pass out" thing isn't the right one to do, how should I then do the filtering?
I'm not exactly sure what you're asking here, but I'll take a stab at it. The nat rule does not pass traffic; it only translates it. Packets must still pass through the filter rules. You had the right idea for allowing traffic out with this rule:
pass out quick log on $ext_if all
Depending on your needs, you may want to tighten that up by specifying only certain protocols or ports (or whatever). It's also necessary for you to use "keep state" on such a rule because you're blocking all incoming traffic on $ext_if. Read this:
http://www.openbsd.org/faq/pf/filter.html#state
Also, when the OpenBSD machine makes a connection to the Internet, it will not use the internal address 10.0.1.1 as the source address; it will use whatever address is bound to $ext_if.
.joel
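To make the reply concrete, here is a complete pf.conf that puts the pieces together: a nat rule that only translates, a default block, and a "pass out ... keep state" rule on $ext_if tightened to a handful of protocols and ports. This is an added example, not the configuration from either post; the interface names fxp0/fxp1, the 10.0.1.0/24 internal network, and the particular port list are assumptions. It uses the nat and "keep state" syntax of the pf releases the linked FAQ describes (before OpenBSD 4.7 moved translation into match/pass rules).

```pf
# /etc/pf.conf -- example, not the original poster's config
# Interface names and the internal network are assumptions.
ext_if = "fxp0"
int_if = "fxp1"
int_net = "10.0.1.0/24"

# Translation only: these packets still have to match a pass rule below.
# ($ext_if) tracks whatever address is currently bound to the interface.
nat on $ext_if from $int_net to any -> ($ext_if)

# Default deny in both directions; log what gets dropped.
block in log all
block out log all

# Never filter loopback.
pass quick on lo0 all

# Let the internal LAN reach the firewall and the Internet through it.
pass in on $int_if from $int_net to any keep state

# Outbound on the external interface.  NAT runs before the filter on
# outgoing packets, so LAN traffic already carries $ext_if's address here,
# which is why "from ($ext_if)" covers both the LAN and the box itself.
# Only the listed services are allowed; "keep state" is what lets the
# replies back in past "block in log all".
pass out quick log on $ext_if proto tcp from ($ext_if) to any \
    port { 22, 25, 53, 80, 443 } flags S/SA keep state
pass out quick log on $ext_if proto udp from ($ext_if) to any \
    port 53 keep state
pass out quick log on $ext_if inet proto icmp from ($ext_if) to any \
    icmp-type echoreq keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, then `pfctl -f /etc/pf.conf`. `pfctl -s state` shows the entries that "keep state" creates; `pfctl -s rules -v` shows per-rule packet counters, which is the quickest way to see whether a connection is hitting the tightened pass rule or falling through to the block.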
