Hi list,

I think I have found a typo in the pf NAT FAQ here:
https://www.openbsd.org/faq/pf/nat.html. In the
"Configuring NAT" section it says:

The general format in pf.conf looks something like this:

    match out on interface [af] \
        from src_addr to dst_addr \
        nat-to ext_addr [pool_type] [static-port]
    [...]
    pass out [log] on interface [af] [proto protocol] \
        from ext_addr [port src_port] \
        to dst_addr [port dst_port]

As you can see, the pass rule says "from ext_addr".
But beneath the description of the various options, it
says:

This would lead to a most basic form of these lines similar to this:

    match out on tl0 from 192.168.1.0/24 to any nat-to 198.51.100.1
    pass on tl0 from 192.168.1.0/24 to any

Here you can see that the "from" part is what the
above description calls the src_addr, not the
ext_addr, as it claims. This makes much more sense and
is consistent with all the other documentation that
I've seen.
So could it be a typo in the docs? Or have I missed some things?
Thanks in advance
Stephan