On 2026-05-29, Kapetanakis Giannis <[email protected]> wrote:
> On 29/05/2026 13:04, Henning Brauer wrote:
>> * Kapetanakis Giannis <[email protected]> [2026-05-27 15:49]:
>>> The whole thing makes sense, it is just the FAQ that confused me, since I
>>> never used match rules before.
>> diffs welcome ;)
> Reading again the nat faq, a couple of lines before it has it correctly:
>
> The general format in |pf.conf| looks something like this:
>
> match out on interface [af] \
>     from src_addr to dst_addr \
>     nat-to ext_addr [pool_type] [static-port]
> [...]
> pass out [log] on interface [af] [proto protocol] \
>     from *ext_addr* [port src_port] \
>     to dst_addr [port dst_port]
>
>
> So for now, only that part needs to be fixed later on
>
> --- /tmp/nat.html 2026-05-29 16:08:36.608122404 +0300 > +++ nat.html 2026-05-29 16:09:11.295008459 +0300 > @@ -336,7 +336,7 @@ > > <pre class="cmdbox"> > match out on tl0 from 192.168.1.0/24 to any nat-to 198.51.100.1 > -pass on tl0 from 192.168.1.0/24 to any > +pass on tl0 from 198.51.100.1 to any > </pre>
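Review bot: the added line `pass on tl0 from 198.51.100.1 to any` has no direction, so it also matches packets arriving on tl0 with that source address, and it matches anything sourced from 198.51.100.1 rather than only connections translated by the match rule above it. The general format quoted earlier in this message uses `pass out ... from ext_addr`; suggest `pass out on tl0 from 198.51.100.1 to any` to keep the example consistent with it, plus a sentence in the FAQ text explaining that rules after the match see the translated source address.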
that isn't quite doing the same thing though. I think it might be better
to use tags in that situation:

  match out on tl0 from 192.168.1.0/24 to any nat-to 198.51.100.1 tag natted_from_lan
  pass on tl0 tagged natted_from_lan

or possibly do something with received-on like

  match out on tl0 from 192.168.1.0/24 to any nat-to 198.51.100.1 tag natted_from_lan
  pass on tl0 received-on $interface_that_has_192.168.1.0/24_on
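The difference between the four rule pairs in this thread, as an added example that is not from either poster or from the pf source: a toy Python model of rule evaluation in which match rules translate and tag immediately and the last matching pass/block rule decides. Assumptions: a leading block rule (default deny), the interface name lan0, 198.51.100.1 being the firewall's own address on tl0, and no modelling of direction, quick or state.

```python
import ipaddress

def matches(rule, pkt):
    """True if the packet, as it looks right now, satisfies the rule's criteria."""
    if "from" in rule and pkt["src"] not in ipaddress.ip_network(rule["from"]):
        return False
    if "tagged" in rule and pkt["tag"] != rule["tagged"]:
        return False
    if "received_on" in rule and pkt["rcvif"] != rule["received_on"]:
        return False
    return True

def evaluate(rules, src, rcvif=None):
    """Toy model of pf evaluating one packet leaving tl0 (no quick, no state)."""
    pkt = {"src": ipaddress.ip_address(src), "tag": None, "rcvif": rcvif}
    verdict = "pass"                      # pf's implicit default when nothing matches
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule["action"] == "match":     # match rules act immediately ...
            if "nat_to" in rule:          # ... so later rules see the translated source
                pkt["src"] = ipaddress.ip_address(rule["nat_to"])
            pkt["tag"] = rule.get("tag", pkt["tag"])
        else:
            verdict = rule["action"]      # last matching pass/block rule wins
    return verdict

BLOCK = {"action": "block"}               # assumed default-deny rule, not in the thread
NAT = {"action": "match", "from": "192.168.1.0/24", "nat_to": "198.51.100.1"}
NAT_TAG = dict(NAT, tag="natted_from_lan")
RULESETS = {
    "faq":         [BLOCK, NAT, {"action": "pass", "from": "192.168.1.0/24"}],
    "patched":     [BLOCK, NAT, {"action": "pass", "from": "198.51.100.1"}],
    "tagged":      [BLOCK, NAT_TAG, {"action": "pass", "tagged": "natted_from_lan"}],
    "received_on": [BLOCK, NAT_TAG, {"action": "pass", "received_on": "lan0"}],
}
# Constructed packets: a LAN host forwarded from lan0 (hypothetical interface name),
# and traffic the firewall itself originates from 198.51.100.1 (assumed its address).
PACKETS = {"lan_host": ("192.168.1.10", "lan0"), "firewall": ("198.51.100.1", None)}

def verdicts():
    """Verdict for every constructed packet under every rule pair."""
    return {name: {p: evaluate(rules, *args) for p, args in PACKETS.items()}
            for name, rules in RULESETS.items()}

if __name__ == "__main__":
    for name, result in verdicts().items():
        print(f"{name:12} {result}")
```

Under these assumptions the patched rule passes the firewall's own traffic as well as the translated LAN traffic, while the tagged and received-on variants pass only packets that came from the LAN.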

