My apologies. For some reason I missed that the pf FAQ hasn't been
updated to the latest current snapshots.

I'm assuming sysctl net.inet.ip.forwarding is set correctly.

Your last matching rule looks like it may be the problem.



On Tue, Dec 29, 2009 at 5:08 PM, Wade, Daniel <dw...@meridium.com> wrote:
> That's for 4.6 and the syntax is completely different from 4.6 to -current
>
>
>
> ----- Original Message -----
> From: Johan Beisser <j...@caustic.org>
> To: Wade, Daniel
> Sent: Tue Dec 29 20:02:34 2009
> Subject: Re: Problem with nat-to on -current
>
> On Tue, Dec 29, 2009 at 4:06 PM, Wade, Daniel <dw...@meridium.com> wrote:
>> What am I missing here?  I can't get out to the internet from my inside
>> network.  Internet access from my OpenBSD firewall is just fine.
>>
>> ext_if="ep0"
>> int_if="fxp1"
>>
>> set skip on lo
>> set loginterface fxp1
>>
>> block in log on $ext_if
>> pass in on $int_if from $int_if:network to any
>> match out on $ext_if from $int_if:network nat-to ($ext_if)
>> pass out on ep0 from any to any
>
> http://www.openbsd.org/faq/pf/nat.html
