[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Switching from FreeBSD to OpenBSD and have hit a wall



* Trevor Talbot ([email protected]) [030605 22:32]:
> On Thursday, Jun 5, 2003, at 15:34 US/Pacific, Greg Rumple wrote:
> 
> >I guess I should test things before hitting send.  Below is what I 
> >have,
> >I typed in my live addresses versus test addresses, and lo and behold 
> >it
> >still didn't work.
> >
> >Anyway, with the following it works in my test lab.
> 
> If it works with test addresses, but not with live addresses, there must
> be something different about the live addresses.
No I meant when I typed the address's in myself (my test networks not
connected to anything real, so I had to re-type the entries), I for some
reason typed in the real addresses.  I had typed in the test addresses
on the test system.  AKA I need to learn to "proof read" what I say.
:-)
> I'll add numbers to the rules you posted; they should match the output
> of "pfctl -vvsn":
> 
>   0 binat on fxp0 from 1.2.3.231 to any -> 10.10.2.231
>   1 binat on fxp0 from 1.2.3.232 to any -> 10.10.2.232
>   2 binat on fxp1 from 1.2.3.231 to any -> 10.10.2.231
>   3 binat on fxp1 from 1.2.3.232 to any -> 10.10.2.232
>   4 binat on fxp0 from 10.10.2.231 to any -> 1.2.3.231
>   5 binat on fxp0 from 10.10.2.232 to any -> 1.2.3.232
>   6 binat on fxp1 from 10.10.2.231 to any -> 1.2.3.231
>   7 binat on fxp1 from 10.10.2.232 to any -> 1.2.3.232
> 
> Half of them should be unnecessary, unless there's something else going
> on with your network setup.  With 1.2.3/24 on fxp0, and 10.10.2/24 on
> fxp1, this is what should be happening:
Your correct, I'm on crack.  That's right.  Only the last 4 are
necessary.
I now have
pf.conf
----------------------
binat from 10.10.2.231 to any -> 1.2.3.231
binat from 10.10.2.232 to any -> 1.2.3.232
----------------------
And it works just fine.
-- 
Greg Rumple
[email protected]