From: Peter N. M. Hansteen (peter_at_bgnett.no)
Date: Tue Jan 28 2003 - 02:45:43 CST
Anthony Schlemmer <aschlemm attbi.com> writes:
> I can't help but notice that the IP address you've specified in your NAT
> rule is different than the one specified on the xl0 interface. On xl0
> you have 194.54.107.19 but in your NAT rule you have 194.54.107.17
> instead.
Thanks! Yes, that was the core of my problem. Thanks for spotting that one.
> When I've set up NAT rules for my gateway/firewall system I use the
> external interface name in the NAT rules so I don't have to worry about
> what the IP address is on the external interface. I would think you
> would want the NAT rule to be:
>
> nat on xl0 from 192.168.103.0/24 to any -> xl0
Works like a charm. Simply wonderful. Now I can make my wife happy
again by moving all this gear back in the closet where it belongs.
> If the IP address changes on the xl0 interface because the address is
> assigned via DHCP, then you would want to enclose the interface name in
> parentheses so it is re-evaluated in case you ever get a different IP
> address via DHCP:
>
> nat on xl0 from 192.168.103.0/24 to any -> (xl0)
Another sign of how sanely the pf interface is designed. I love
this OS. This sounds extremely useful, should my ISP try to force
DHCP down my throat. I'll make sure to pass on the tip to whoever
needs it in my neighborhood.
Once again, thanks so much for spotting a really silly error which
made my day rather horrible (but then again I've spent most of the
time since then enjoying myself in London with my wife, so it could
have been worse).
- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/
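
The check that caught the error in this thread, written as an added example (not code from the original message or from the pf project): it compares the translation address of each `nat` rule with the addresses actually configured on the rule's interface. The `ifconfig` output and the first rule are constructed from the addresses quoted above; the function names and verdict labels are hypothetical.

```python
import ipaddress
import re

# Constructed sample: what `ifconfig xl0` would report (netmask/broadcast are made up).
IFCONFIG_XL0 = """\
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 194.54.107.19 netmask 0xfffffff8 broadcast 194.54.107.23
"""

# Constructed sample: rule 1 reconstructs the mistyped address described in the
# thread; rules 2 and 3 are the two forms suggested in the quoted reply.
PF_CONF = """\
nat on xl0 from 192.168.103.0/24 to any -> 194.54.107.17
nat on xl0 from 192.168.103.0/24 to any -> xl0
nat on xl0 from 192.168.103.0/24 to any -> (xl0)
"""

NAT_RE = re.compile(r"^nat\s+on\s+(\S+)\s+.*->\s*(\S+)\s*$")

def iface_addrs(ifconfig_text):
    """Return the set of IPv4 addresses listed on `inet` lines."""
    return set(re.findall(r"^\s+inet\s+(\d+(?:\.\d+){3})", ifconfig_text, re.M))

def audit_nat(pf_conf, ifconfig_by_iface):
    """Classify the translation target of every nat rule in pf_conf."""
    findings = []
    for lineno, raw in enumerate(pf_conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = NAT_RE.match(line)
        if not m:
            continue
        iface, target = m.groups()
        addrs = iface_addrs(ifconfig_by_iface.get(iface, ""))
        if target.startswith("(") and target.endswith(")"):
            verdict = "dynamic"                  # re-evaluated when the address changes
        else:
            try:
                ipaddress.ip_address(target)
            except ValueError:
                verdict = "load-time"            # interface name, resolved at ruleset load
            else:
                # A literal address must really be configured on the interface.
                verdict = "literal-ok" if target in addrs else "MISMATCH"
        findings.append((lineno, target, verdict))
    return findings

if __name__ == "__main__":
    for lineno, target, verdict in audit_nat(PF_CONF, {"xl0": IFCONFIG_XL0}):
        print(f"pf.conf:{lineno}: -> {target}: {verdict}")
```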