[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PF - problem with NAT & policy based rules

I'm building a new firewall, or rather an HA pair using OpenBSD, pf, carp, pfsync, etc.. I'm writing a new pf.conf configuration as well. I'm trying to do policy based rules (i.e. tagging), using the PF FAQ (ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.txt) and in the example it has the following line to setup NAT.

nat on $ext_if tagged LAN_INET tag LAN_INET_NAT -> ($ext_if)

The problem is that pfctl complains about a syntax problem with that line. I've tried various permutations but have not found the right combination. I have the $ext_if macro defined. Once the right syntax is found I'll try and get the FAQ updated and corrected, assuming it is incorrect.