Hello Stuart and thanks for your reply. It still doesn't help, this seems to work but I'm not sure if this is a good config:
# NAT RULES
match out on $ext tagged LAN nat-to ($ext)

# BLOCKING AND PACKET TAGGING
pass in on $int from $int_net tag LAN
#pass in on $int tag LAN
block out on $ext from any to any
pass out quick on $ext tagged LAN

________________________________________
From: owner-m...@openbsd.org [owner-m...@openbsd.org] On Behalf Of Stuart Henderson [s...@spacehopper.org]
Sent: Thursday, November 03, 2011 6:53 AM
To: misc@openbsd.org
Subject: Re: Packet Tagging issues with NAT in pf OBSD 4.9

you aren't using tagging in your sample.

On 2011-11-03, Wesley M. <open...@e-solutions.re> wrote:
> Hi, try this sample
>
> _int = "re0"
> _ext = "fxp1"
> int_net = "192.168.200.0/24"
> set block-policy drop
> set skip on lo
> match in all scrub (no-df max-mss 1440)
> match out on $_ext inet from $int_net to any nat-to (egress)
> block log all
> pass in on $_int inet proto udp from $int_net to any port domain
> pass in on $_int inet proto tcp from $int_net to any port \
>     { www, https, ssh, pop3, imap, imaps, pop3s, submission, smtps }
> pass out on $_ext inet proto tcp all
> pass out on $_ext inet proto udp all
>
>
> All the best,
>
> Wesley MOUEDINE ASSABY.
>
>
>> _int = "re0"
>> _ext = "fxp1"
>> int_net = "192.168.200.0/24"
>>
>> pass out on $_ext tag LAN_NAT_TO_INET tagged LAN_TO_INET
>> pass in on $_int from $int_net tag LAN_TO_INET
>>
>> ......
>>
>> pass out quick on $_ext tagged LAN_NAT_TO_INET nat-to ($_ext)
>>
>>
>>
>> Any reason why at the bottom of my .conf file where nat-to is in my "quick"
>> rule it would work but when it's at the first filter rule it does not? I've
>> read over the man page and have the book of pf v.2 and still am confused. Any
>> thought is greatly appreciated.
>>
>>
>>
>> Regards,
>>
>> Dain