Simplest of things but I'm failing miserably.

$ sudo cat /etc/hostname.vic2
# External NIC with static public IPv4 address
inet 50.50.50.59 255.255.255.0 50.50.50.255

$ sudo cat /etc/hostname.vic3
# Internal NIC used as gateway by two machines on same network
inet 10.221.181.10 255.255.255.0 10.221.181.255

For troubleshooting I have removed the block all rule, to confirm that it is in fact my NAT related rules that don't work. These are my first and only NAT rules. The other rules work fine and are just to allow SSH to my management interface and ICMP response from the external IP and from the internal gateway IP. Besides, I've removed the block all so the other rules don't matter much now.

match out on vic2 inet from 10.221.181.0/24 to any nat-to (vic2) round-robin
pass inet from 10.221.181.0/24 to any flags S/SA keep state

With tcpdump I can see packets going to vic3, but no further.

With block all commented out I can fully test the network around and everything is working just fine; I can nc -kl 50.50.50.59 65535 and connect to that port from anywhere on the internet. I just can't connect out from the private network through the gateway. The systems in the private network have 10.221.181.10 as their default gateway.

I even have the Book of PF 2nd edition here but it's of no use; the rules are mostly from there.

Just for troubleshooting I can also nc -kl 10.221.181.10 65535 on the gateway and connect to that port from the private network machines without issues.

So please tell me, what am I missing in this nat-to rule?

--
Med vänliga hälsningar / With kind regards
Stefan Midjich
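An added example, not the poster's own file: a minimal /etc/pf.conf for the layout described (vic2 public, vic3 private) built around the same nat-to rule, plus the prerequisite the rule set silently assumes, namely that the gateway is allowed to route between its NICs at all (net.inet.ip.forwarding is off by default on OpenBSD). The macro names are mine; round-robin is dropped because vic2 holds a single address.

```pf
# Added example pf.conf for a two-NIC NAT gateway (not the poster's file).
# Interface names and addresses are those given in the post.
#
# Prerequisite outside pf: the kernel must forward packets between
# interfaces, or translated traffic never reaches vic2 no matter what the
# rules say. Enable it on OpenBSD with
#   sysctl net.inet.ip.forwarding=1                       # until reboot
#   echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf   # persistent

ext_if  = "vic2"              # public side, 50.50.50.59
int_if  = "vic3"              # private side, 10.221.181.10
int_net = "10.221.181.0/24"

set skip on lo

# Source-NAT traffic from the private network as it leaves the public NIC,
# using whatever address vic2 currently holds (that is what the parentheses
# mean); the actual filtering decision is left to the pass rules below.
match out on $ext_if inet from $int_net to any nat-to ($ext_if)

# Default deny, then open only what is needed.
block log all

# Management: SSH to the gateway's public address, ICMP echo to either NIC.
pass in on $ext_if inet proto tcp to ($ext_if) port ssh
pass in inet proto icmp icmp-type echoreq

# Private hosts use the gateway: accept on the inside NIC, let it out the
# public NIC. PF keeps state for these by default, so replies come back.
pass in on $int_if inet from $int_net to any
pass out on $ext_if inet

# Checks after loading with `pfctl -f /etc/pf.conf`:
#   pfctl -s states    # an outbound flow from a 10.221.181.x host should
#                      # appear with 50.50.50.59 as its translated source
#   tcpdump -n -i vic2 # translated packets must be seen leaving here;
#                      # if they stop at vic3 even with `block all` gone,
#                      # the rules are not what drops them: check forwarding.
```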