Hello everyone. Well, I'm having some problems getting NAT to work correctly for my internal LAN. I just finished setting up my OpenBSD 3.1 Firewall/Gateway. Here is the error I'm receiving when nat.conf tries to load:

/etc/nat.conf:18: syntax error
pfctl: syntax error in rule file: pf rules not loaded

I've been trying to troubleshoot my nat.conf to see what the problem is. However, I can't seem to figure out what the problem is. Let me post my pf and nat rules as well as my hostname info:

----------------------PF.CONF-------------------------------------
# Define useful variables
ext_if="{ dc0 }" # External Interface
int_if="{ dc1 }" # Our internal network range 192.168.1.0/24
NoRouteIPs="{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 255.255.255.255 }"

# Clean up fragmented and abnormal packets
scrub in all

# don't allow anyone to spoof non-routeable addresses
block in quick on $ext_if from $NoRouteIPs to any
block out quick on $ext_if from any to $NoRouteIPs

# by default, block all incoming packets, except those explicitly
# allowed by further rules
block in on $ext_if all

# and let out-going traffic out and maintain state on established connections
# pass out all protocols, including TCP, UDP and ICMP, and create state,
# so that external DNS servers can reply to our own DNS requests (UDP).
block out on $ext_if all
pass out on $Ext_if inet proto tcp all flags S/SA keep state
pass out on $Ext_if inet proto udp all keep state
pass out on $Ext_if inet proto icmp all keep state

--------------------NAT.CONF--------------------------------
nat on $ext_if from 192.168.1.0/24 to any -> $ext_if

-------------------hostname files----------------
/etc/hostname.dc0
dhcp NONE NONE NONE

/etc/hostname.dc1
inet 192.168.1.1 255.255.255.0 NONE media autoselect

Also, here is the output when I run pfctl -v -R /etc/pf.conf

ext_if = { dc0 }
int_if = { dc1 }
NoRoute = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255 }
@0 scrub in all
@1 block in quick on dc0 inet from 255.255.255.255/32 to any
@2 block in quick on dc0 inet from 192.168.0.0/16 to any
@3 block in quick on dc0 inet from 172.16.0.0/12 to any
@4 block in quick on dc0 inet from 10.0.0.0/8 to any
@5 block out quick on dc0 inet from any to 255.255.255.255/32
@6 block out quick on dc0 inet from any to 192.168.0.0/16
@7 block out quick on dc0 inet from any to 172.16.0.0/12 to any
@8 block out quick on dc0 inet from any to 10.0.0.0/8 to any
@9 block in on dc0 all
@10 block out on dc0 all
@11 pass out on dc0 inet proto tcp all flags S/SA keep state
@12 pass out on dc0 inet proto udp all keep state
@13 pass out on dc0 inet proto icmp all keep state

Any ideas on what is wrong with my nat.conf? I've tried editing it numerous times, but still keep getting that error.

Thanks for everyone's help.

Jason