Hi, thanks for replying

I was looking to use packet tagging though.





-----Original Message-----

From: Wesley M. [mailto:[email protected]] 

Sent: Thursday, November 03, 2011 6:20 AM

To: Bentley, Dain

Cc: [email protected]

Subject: Re: Packet Tagging issues with NAT in pf OBSD 4.9



Hi, try this sample



_int = "re0"
_ext = "fxp1"
int_net = "192.168.200.0/24"

set block-policy drop
set skip on lo

match in all scrub (no-df max-mss 1440)
match out on $_ext inet from $int_net to any nat-to (egress)

block log all

pass in on $_int inet proto udp from $int_net to any port domain
pass in on $_int inet proto tcp from $int_net to any port \
        { www, https, ssh, pop3, imap, imaps, pop3s, submission, smtps }
pass out on $_ext inet proto tcp all
pass out on $_ext inet proto udp all





All the best,



Wesley MOUEDINE ASSABY.





> _int = "re0"

> _ext = "fxp1"

> int_net = "192.168.200.0/24"

> 

> pass out on $_ext tag LAN_NAT_TO_INET tagged LAN_TO_INET

> pass in on $_int from $int_net tag LAN_TO_INET

> 

> ......

> 

> pass out quick on $_ext tagged LAN_NAT_TO_INET  nat-to ($_ext)

> 

> 

> 

> Any reason why at the bottom of my .conf file where nat-to is in my "quick"
> rule it would work but when it's at the first filter rule it does not? I've
> read over the man page and have the book of pf v.2 and still am confused. Any
> thought is greatly appreciated.

> 

> 

> 

> Regards,

> 

> Dain

