
Tet's Journal: OpenBSD fail :-(

Bah. The hard drive on my firewall failed last night. I reinstalled onto a new drive this morning, but I can't get NATing to work :-( Packets are coming in on the internal interface, and leaving fine on the external interface, but aren't being NATed on the way through. I'm using a simplified pf.conf which looks like:

int = "fxp0"
ext = "rl0"

nat on rl0 from 192.168.8.4 to any -> 10.0.8.230

block in log
pass in log quick on $int
pass out log on $ext keep state

But packets are still leaving rl0 with a source IP of 192.168.8.4. Does anyone have any ideas about where I might be going wrong? Jorg?

  • I might be completely way off base here, but (assuming "int" is the internal network, and the internal network is the network with the 192.168.8.4 address, since both IPs are private space so I can't just tell) shouldn't
    nat on rl0 from 192.168.8.4 to any -> 10.0.8.230
    be
    nat on fxp0 from 192.168.8.4 to any -> 10.0.8.230
    (or "nat on $int" to use the variable you helpfully set)

    If it shouldn't be, then the syntax just appears to be backwards to the uninitiated (or my assumptions above are wrong), since it l

    • by Tet ( 2721 ) *
      No, the syntax was correct. It was just that I'd forgotten that pf isn't enabled by default. OpenBSD has a habit of just working, so it's been ages since I last had to configure it from scratch. A simple "pf=YES" in rc.conf.local fixed the problem. D'oh!
      • Hehe... Yeah, that's one of the things I often forget too. The problem is: you do this, what, 2 times a decade and tend to forget these things.

        Wouldn't have been able to tell you immediately, but I'd have delved in some of the notes I have lying around. Glad you got it working.
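
The check that resolved this thread, as an added example that is not part of the original posts: confirm pf is enabled now and at boot before debugging nat rules. The function names and sample inputs are constructed for illustration; on a live firewall pass in `"$(pfctl -s info)"` and `"$(cat /etc/rc.conf.local)"`.

```shell
#!/bin/sh
# Added example (not from the thread): a ruleset can be syntactically fine
# and still do nothing if pf itself is disabled. Functions take text so they
# can be run offline against saved output.

# Print enabled|disabled|unknown from `pfctl -s info` output.
pf_status() {
    line=$(printf '%s\n' "$1" | sed -n '/^Status:/{p;q;}')
    case "$line" in
        "Status: Enabled"*)  echo enabled ;;
        "Status: Disabled"*) echo disabled ;;
        *)                   echo unknown ;;
    esac
}

# Print yes|no: does the last uncommented pf= line in rc.conf.local say YES?
pf_boot_enabled() {
    val=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*pf=\([^#]*\).*$/\1/p' |
        tail -n 1 | tr -d '"[:space:]')
    if [ "$val" = YES ]; then echo yes; else echo no; fi
}

# Combine both checks into one verdict; returns 0 only when NAT can work now
# and will still work after a reboot.
pf_diagnose() {
    running=$(pf_status "$1"); boot=$(pf_boot_enabled "$2")
    case "$running:$boot" in
        enabled:yes) echo "ok: pf enabled now and at boot"; return 0 ;;
        enabled:no)  echo "warn: pf enabled now, but no pf=YES for next boot"; return 1 ;;
        disabled:*)  echo "fail: pf disabled, nat and filter rules are not applied"; return 2 ;;
        *)           echo "fail: could not read pf status"; return 3 ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_INFO_OFF='Status: Disabled                              Debug: Urgent'
SAMPLE_INFO_ON='Status: Enabled for 0 days 00:12:41           Debug: Urgent'
SAMPLE_RC_FIXED='# local overrides
pf=YES   # enable packet filter'

pf_diagnose "$SAMPLE_INFO_OFF" "" || true      # the state described in the journal entry
pf_diagnose "$SAMPLE_INFO_ON" "$SAMPLE_RC_FIXED"
```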
