Paolo,

You may need to use the bitmask directive.

bitmask - grafts the network portion of the pool address over top of
the address that is being modified (source address for nat-to rules,
destination address for rdr-to rules).

Example: if the address pool is 192.0.2.1/24 and the address being
modified is 10.0.0.50, then the resulting address will be 192.0.2.50.
If the address pool is 192.0.2.1/25 and the address being modified is
10.0.0.130, then the resulting address will be 192.0.2.2. 

http://www.openbsd.org/faq/pf/pools.html

--
   Calomel @ https://calomel.org
   Open Source Research and Reference


On Sat, Jun 05, 2010 at 11:41:43AM -0400, Paolo Reyes Balleza wrote:
>Hello all,
>
>I was using pf's (OBSD 4.6) binat for openvpn purposes with
>192.168.0.0/24 binatted to 192.0.2.0/24 since I can't renumber the local
>LAN to avoid the overlap.
>
>This doesn't work with current:
>match on tun0 from 192.168.0.0/24 to any binat-to 192.0.2.0/24
>for the entire subnet any more.
>
>Everything gets routed to 192.168.0.0 no matter what "external" host
>address I use. It used to be that 192.0.2.1 would map out to
>192.168.0.1.
>
>One to one mapping does work though.
>
>Is this the new behaviour of pf?
>
>Just asking because it'd be a PITA to map each host.
>
>Cheers and thanks in advance.
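
The bitmask arithmetic described in the reply above, as an added example that is not part of the original thread and is not pf's own code. It models only the address computation; the function names are assumptions made for this illustration, and the addresses are the ones quoted in the thread.

```python
import ipaddress


def bitmask_translate(addr: str, pool: str) -> str:
    """Graft the network bits of `pool` over `addr`, keeping addr's host bits.

    `pool` may carry host bits (e.g. 192.0.2.1/24), as in the FAQ example.
    Hypothetical helper: a model of the arithmetic, not pf code.
    """
    net = ipaddress.ip_interface(pool).network
    a = ipaddress.ip_address(addr)
    if a.version != net.version:
        raise ValueError("address family mismatch")
    host_bits = int(a) & int(net.hostmask)
    return str(type(a)(int(net.network_address) | host_bits))


def collisions(src_net: str, pool: str) -> dict:
    """Translated addresses that more than one source address maps to."""
    seen = {}
    for a in ipaddress.ip_network(src_net):
        seen.setdefault(bitmask_translate(str(a), pool), []).append(str(a))
    return {dst: srcs for dst, srcs in seen.items() if len(srcs) > 1}


if __name__ == "__main__":
    # The two FAQ examples quoted in the reply.
    print(bitmask_translate("10.0.0.50", "192.0.2.1/24"))
    print(bitmask_translate("10.0.0.130", "192.0.2.1/25"))

    # The subnet pair from the question: with equal prefix lengths the
    # mapping is one-to-one in both directions.
    print(bitmask_translate("192.168.0.1", "192.0.2.0/24"))
    print(bitmask_translate("192.0.2.1", "192.168.0.0/24"))
    print(collisions("192.168.0.0/24", "192.0.2.0/24"))

    # A pool smaller than the source subnet folds two sources onto each
    # translated address, so the mapping is no longer one-to-one.
    print(collisions("10.0.0.0/24", "192.0.2.1/25")["192.0.2.2"])
```
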
