Sorry for forgetting the rest, here you are: ext_if is actually working, configured to an adsl box using DHCP, and lynx actually displays pages.
int_if is the local network that I want to go through the OpenBSD box to access the internet so I can filter with pf. The configuration is a standard nat rule + packet forwarding between the two interfaces, em0 and em1, respectively ext_if and int_if. As indicated before, I have pf enabled and the inet forward lines uncommented in sysctl.conf. Packets are received on int_if but not forwarded to ext_if. Did I miss something? Here below is pf.conf.

2009/5/9 Robert <rob...@openbsd.pap.st>

> On Sat, 9 May 2009 22:52:32 +0200
> Jean-François SIMON <jfsimon1...@gmail.com> wrote:
> # cat /etc/pf.conf
> # $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $
> #
> # See pf.conf(5) for syntax and examples; this sample ruleset uses
> # require-order to permit mixing of NAT/RDR and filter rules.
> # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
>
> ext_if="em0"
> int_if="em1"
>
> set loginterface $ext_if
> set require-order no
> set skip on lo
> scrub in all
>
> # NAT/filter rules and anchors for ftp-proxy(8)
> #nat-anchor "ftp-proxy/*"
> #rdr-anchor "ftp-proxy/*"
> nat on $ext_if from ($int_if:network) -> ($ext_if)
> #rdr pass on ! egress proto tcp to port ftp -> 127.0.0.1 port 8021
> #anchor "ftp-proxy/*"
> #pass out proto tcp from $proxy to any port ftp
>
> # NAT/filter rules and anchors for relayd(8)
> #rdr-anchor "relayd/*"
> #anchor "relayd/*"
>
> # NAT rules and anchors for spamd(8)
> #table <spamd-white> persist
> #table <nospamd> persist file "/etc/mail/nospamd"
> #no rdr on egress proto tcp from <nospamd> to any port smtp
> #no rdr on egress proto tcp from <spamd-white> to any port smtp
> #rdr pass on egress proto tcp from any to any port smtp -> 127.0.0.1 port spamd
>
> #block in
> pass in
> pass out
>
> #pass in on $int_if proto tcp to any port 80
>
> #block in quick from urpf-failed to any # use with care
>
> # By default, do not permit remote connections to X11
> block in on ! lo0 proto tcp from any to any port 6000
>
> antispoof for ext_if
>
> > Hello,
> > Please can you help me with this :
> >
> > I just installed the 4.5 OpenBSD, set up the inet forwarding for
> > unicast and multicast, include the standard NAT rule in pf.conf such
> > as : nat on $ext_if from ($int_if:network) -> ($ext_if)
> > enable pf
> > check with pfctl -s nat that the correct rule is set.
> >
> > That does not work, with tcpdump I see that packets are not
> > forwarded, I see them on int_if but not on ext_if.
> >
> > Can you give me some help to find out where the problem is ?
> >
> > Thanks.
> >
> Because you don't have a pass rule they get blocked?
> Guessing only goes so far.
>
> Tell us what you want to do.
> Tell us what you tried to get it working.
> Tell us what is in your relevant configs.
>
> Perhaps then someone can tell you what to do.
>
> - Robert