http://www.openbsd.org/faq/pf/tagging.html
From: Axton [axton.gr...@gmail.com]
Sent: Thursday, November 03, 2011 2:51 PM
To: Bentley, Dain
Cc: Stuart Henderson; misc@openbsd.org
Subject: Re: Packet Tagging issues with NAT in pf OBSD 4.9
On Thu, Nov 3, 2011 at 1:33 PM, Bentley, Dain wrote:
> Hello Axton...cool name by the way.
>
> I noticed the match statements work for me as well. Perhaps it is
> required?
This changed with 4.7: http://openbsd.org/faq/upgrade47.html#newPFnat
More details available here:
http://marc.info/?l=op
: Re: Packet Tagging issues with NAT in pf OBSD 4.9
On Thu, Nov 3, 2011 at 12:26 PM, Bentley, Dain <dbent...@nas.edu> wrote:
Hello Stuart and thanks for your reply.
It still doesn't help, this seems to work but I'm not sure if this is a good
config:
# NAT RULES
match out on
.org] On Behalf Of Stuart
> Henderson [s...@spacehopper.org]
> Sent: Thursday, November 03, 2011 6:53 AM
> To: misc@openbsd.org
> Subject: Re: Packet Tagging issues with NAT in pf OBSD 4.9
>
> you aren't using tagging in your sample.
>
> On 2011-11-03, Wesley M. wrote:
> >
ssues with NAT in pf OBSD 4.9
you aren't using tagging in your sample.
On 2011-11-03, Wesley M. wrote:
> Hi, try this sample
>
> _int = "re0"
> _ext = "fxp1"
> int_net = "192.168.200.0/24"
> set block-policy drop
> set skip on lo
> match in all scrub (no-df max-mss 1440)
> match out on $_ext inet from $int_net to any nat-to (
On 2011-11-03, Bentley, Dain wrote:
> Hello all,
>
> I recently stood up an OpenBSD server to replace an older ASA. I read the
> faq and was interested in the packet tagging aspect because I have a DMZ and
> it makes the rule set seem more readable to my brain.
>
> In any case I have the follow
Hi, thanks for replying
I was looking to use packet tagging though.
-Original Message-
From: Wesley M. [mailto:open...@e-solutions.re]
Sent: Thursday, November 03, 2011 6:20 AM
To: Bentley, Dain
Cc: misc@openbsd.org
Subject: Re: Packet Tagging issues with NAT in pf OBSD 4.9
Hi, try this sample
_int = "re0"
_ext = "fxp1"
int_net = "192.168.200.0/24"
set block-policy drop
set skip on lo
match in all scrub (no-df max-mss 1440)
match out on $_ext inet from $int_net to any nat-to (egress)
block log all
pass in on $_int inet proto udp from $int_net to any port domain
pass
Hello all,
I recently stood up an OpenBSD server to replace an older ASA. I read the
faq and was interested in the packet tagging aspect because I have a DMZ and
it makes the rule set seem more readable to my brain.
In any case I have the following taken from the PF faqs on the OpenBSD
website