Clint Pachl wrote:
> Stephen Bosch wrote:
>> In the NAT section of my pf.conf, I have the following command:
>>
>> binat on $enc_if from $HostA_private_IP to <RemoteB_private_subnets> \
>>     -> $HostA_private_NAT_IP
>
> Try "binat pass ..."

Done.

>> In the FILTER section, I have:
>>
>> pass in on $enc_if from <RemoteB_private_subnets> to \
>>     $HostA_private_NAT_IP
>> pass out on $enc_if from $HostA_private_NAT_IP to \
>>     <RemoteB_private_subnets>
>
> Remove the "pass out ..." rule.

Done.

>> Do I need to add routes to make this work? I thought that setting up
>> SAs in isakmpd did this automatically, but when I traceroute from
>> HostA_private_IP, it looks like the traffic is going out the public
>> interface.
>>
>> Or is the problem with my NAT statement?
>>
>> -Stephen-
>
> Just a trial and error suggestion.

Thanks. No joy yet. Traceroute traffic is still going out the public
interface when I try to ping a host on <RemoteB_private_subnets>...

-S
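For reference, the pf.conf shape Clint is suggesting (binat with the pass modifier, a single pass in rule on the enc interface, no pass out), written out as an added example. This is not the configuration posted in the thread; the interface name, the addresses and the table contents are placeholders, and the macro names are taken from the rules quoted above.

```pf
# Added example, not the poster's pf.conf. All values below are placeholders.
enc_if = "enc0"
HostA_private_IP = "192.168.1.10"        # real address of HostA (placeholder)
HostA_private_NAT_IP = "10.99.0.10"      # address HostA is presented as (placeholder)
table <RemoteB_private_subnets> { 172.16.0.0/16 }   # remote private networks (placeholder)

# NAT section.
# "binat pass": the translation rule also passes the packets it matches, so
# they are not run through the filter rules below; that is why the
# "pass out on $enc_if" rule from the thread is not needed.
# Keep the rule on one logical line; a wrapped rule needs the trailing backslash.
binat pass on $enc_if from $HostA_private_IP to <RemoteB_private_subnets> \
    -> $HostA_private_NAT_IP

# FILTER section.
# Traffic arriving from the remote subnets over the tunnel is addressed to the
# translated address, so that is what the inbound rule on $enc_if matches.
pass in on $enc_if from <RemoteB_private_subnets> to $HostA_private_NAT_IP
```

To check what is actually loaded and whether packets reach the enc interface at all: `pfctl -nf /etc/pf.conf` parses the file without loading it, `pfctl -sn` lists the translation rules in effect, `netstat -rn -f encap` shows the IPsec flows isakmpd has installed, and `tcpdump -ni enc0` shows whether the traffic is traversing the enc interface while the ping or traceroute is running.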