[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PF - problem with NAT & policy based rules
I'm building a new firewall, or rather an HA pair using OpenBSD, pf,
carp, pfsync, etc.. I'm writing a new pf.conf configuration as
well. I'm trying to do policy based rules (i.e. tagging), using the
PF FAQ (ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.txt) and in the
example it has the following line to setup NAT.
nat on $ext_if tagged LAN_INET tag LAN_INET_NAT -> ($ext_if)
The problem is that pfctl complains about a syntax problem with that
line. I've tried various permutations but have not found the right
combination. I have the $ext_if macro defined. Once the right
syntax is found I'll try and get the FAQ updated and corrected,
assuming it is incorrect.