Hello all, I recently stood up an OpenBSD server to replace an older ASA. I read the FAQ and was interested in the packet tagging aspect because I have a DMZ and it makes the rule set seem more readable to my brain.
In any case I have the following, taken from the PF FAQ on the OpenBSD website:

    _int = "re0"
    _ext = "fxp1"
    int_net = "192.168.200.0/24"

    pass out on $_ext tag LAN_NAT_TO_INET tagged LAN_TO_INET nat-to ($_ext)
    pass in on $_int from $int_net tag LAN_TO_INET
    ......
    pass out quick on $_ext tagged LAN_NAT_TO_INET

I've obviously changed around some of the macros and there are other rules (although commented out at this time until I get LAN connectivity), but it doesn't work. Interestingly enough, this does:

    _int = "re0"
    _ext = "fxp1"
    int_net = "192.168.200.0/24"

    pass out on $_ext tag LAN_NAT_TO_INET tagged LAN_TO_INET
    pass in on $_int from $int_net tag LAN_TO_INET
    ......
    pass out quick on $_ext tagged LAN_NAT_TO_INET nat-to ($_ext)

Any reason why, at the bottom of my .conf file where nat-to is in my "quick" rule, it would work, but when it's at the first filter rule it does not? I've read over the man page and have The Book of PF v2 and still am confused. Any thought is greatly appreciated.

Regards,
Dain
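An added illustration (not from the original post or the OpenBSD FAQ) of the rule-ordering point behind the two rulesets above. PF evaluates the whole ruleset and the last matching pass rule decides the packet's fate, including its nat-to option, unless an earlier rule is marked quick; the macros, interface names and tag names are those from the post, and the pfctl checks at the end assume the file is loaded as /etc/pf.conf.

```pf
_int = "re0"
_ext = "fxp1"
int_net = "192.168.200.0/24"

# Inbound LAN traffic is tagged; the tag is carried in the state entry
# and is visible when the same flow leaves on $_ext.
pass in on $_int from $int_net tag LAN_TO_INET

# Without "quick", this rule matches but is NOT the final match: the
# later "pass out quick ... tagged LAN_NAT_TO_INET" rule also matches and,
# being the last word, applies its own options, which include no nat-to.
# Marking this rule quick ends evaluation here, so its nat-to is applied.
pass out quick on $_ext tagged LAN_TO_INET tag LAN_NAT_TO_INET nat-to ($_ext)

# Retagged traffic that still reaches this point leaves untranslated.
pass out quick on $_ext tagged LAN_NAT_TO_INET
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and after generating some LAN traffic compare the per-rule Evaluations/Packets counters from `pfctl -vsr`: the rule whose Packets counter climbs is the one whose nat-to (or lack of it) the flows are actually getting.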