
Re: PF - problem with NAT & policy based rules



On Fri, Sep 23, 2005 at 03:00:12PM -0400, Chad M Stewart wrote:
> 
> nat on $ext_if tagged LAN_INET tag LAN_INET_NAT -> ($ext_if)
> 
> The problem is that pfctl complains about a syntax problem with that  
> line.
[/home/jrrs] $ echo "nat on em0 tagged 1 tag 2 -> (em0)" | pfctl -nvf-
stdin:1: syntax error
[/home/jrrs] $ echo "nat on em0 tag 2 tagged 1 -> (em0)" | pfctl -nvf-
nat on em0 all tag 2 tagged 1 -> (em0) round-robin
  seems consistent with: 
--[pf.conf(5)]--
     nat-rule       = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ]
                      [ "on" ifspec ] [ af ]
                      [ protospec ] hosts [ "tag" string ] [ "tagged" string ]
                      [ "->" ( redirhost | "{" redirhost-list "}" )
                      [ portspec ] [ pooltype ] [ "static-port" ] ]
---------------
  jared
-- 
[ openbsd 3.8 GENERIC ( sep 10 ) // i386 ]