On 1/12/2010 9:03 PM, Jim Razmus wrote:
* Shohrukh Shoyoqubov <shohrukh.shoyoku...@gmail.com> [100112 01:35]:
Hello,
I am new to pf and I am trying to do binat but it is not working for
some reason.
fxp1 is the interface on subnet 192.168.0.0/24
vr0 is the interface on subnet 192.168.2.0/24
Here is my pf.conf:

#left from the original pf.conf
set skip on lo
pass # to establish keep-state
block in on ! lo0 proto tcp to port 6000:6010
#added by me
binat on fxp1 inet from 192.168.2.2 to any -> 192.168.0.253

I want all traffic to 192.168.0.253 to be forwarded to 192.168.2.2. I
assume that should make 192.168.0.253 visible in 192.168.0.0/24
subnet, but it is not. I can't reach it from 192.168.0.0/24 subnet.
I am just testing with this lab config and later, I want to use binat
to assign real IPs to DMZ machines.
I believe I am missing something obvious. Any ideas?
Thank you,
Shohrukh
If you're tracking -current, read this:
http://www.openbsd.org/faq/current.html#20090901
jim

Thanks. Good to know ahead :)
I am using 4.6 release. It uses the 'old-style' nat. The match based
rules are only in -current and gonna be in 4.7, right?
shohrukh