Re: [Fwbuilder-discussion] pf - nat failed -> next try :(
From: Koenig, T. <tk...@tr...> - 2008-08-26 10:33:58
Hello,

Sorry - but I'm back again. Whatever I do - I don't get NAT running on my OpenBSD system.

> >> Interface objects of the firewall are marked as "unnumbered".
> >> This may cause all sorts of problems, I suggest you configure
> >> interface objects with correct ip addresses. Sometimes compiler needs
> >> to associate certain rules with interfaces, it does that by comparing
> >> addresses used in rules with addresses of interfaces.

I give every interface its own address - to prevent the "unnumbered" problems.

I simplified the whole thing, e.g. removed most of the prolog lines and "simplified" the NAT rule, so the only thing I want is: NAT all traffic from one specified workstation (10.100.102.67) in the internal network to the external network and set the translated source to the carp1 interface IP (192.168.129.1).

I attach the generated fw.conf and the fw.fwb file and the "pfctl -s all" output, where you can see the connection between 10.100.102.67 and 192.168.129.99 is affected by NAT.

    all tcp 10.100.102.67:45762 -> 192.168.129.99:22       FIN_WAIT_2:FIN_WAIT_2

The test system looks like:

                    External LAN 192.168.129.0/24
                                 ^
                                 |
                                 |
    Master Firewall  -------------------------------------
                     | Real external fxp1:  192.168.129.2 |
                     | CARP external carp1: 192.168.129.1 |
                     | fxp2 192.169.127.2                 | |------------------>
                     | CARP internal carp0: 10.100.199.1  |
                     | Real internal fxp0:  10.100.199.2  |
                     -------------------------------------
                                 |
                                 |
                    Internal LAN 10.100.0.0/16

Hopefully someone finds my mistake.

regards,
Thomas
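The NAT rule the post asks for, hand-written in the pre-4.7 OpenBSD pf.conf syntax in use in 2008, as an added example (it is not the poster's attached fw.conf and not fwbuilder output); interface names and addresses are taken from the diagram above, and everything else (the macro names, the pass rules) is assumed.

```pf
# Added example, not the generated fw.conf from the post.
# Macros: names and addresses as in the poster's diagram.
ext_if   = "fxp1"            # real external interface (packets actually leave here)
int_if   = "fxp0"            # real internal interface
carp_ext = "carp1"           # external CARP interface holding 192.168.129.1
ws       = "10.100.102.67"   # the single workstation to translate

# Translation section. The rule is attached to the physical egress interface,
# not to carp1: pf matches packets on the interface they really traverse.
# The parentheses tell pf to look up carp1's address at match time.
nat on $ext_if from $ws to any -> ($carp_ext)

# Filtering section. A nat rule translates but passes nothing by itself.
# Translation runs before filtering, so the outbound filter rule must
# match the translated source (carp1's address), not 10.100.102.67.
pass in  quick on $int_if from $ws to any keep state
pass out quick on $ext_if from ($carp_ext) to any keep state

# Verification after "pfctl -f /etc/pf.conf":
#   pfctl -s nat    lists the nat rule with the resolved carp1 address
#   pfctl -s state  a translated state prints the carp1 address first and the
#                   original source in parentheses, e.g.
#                   192.168.129.1:NNNNN (10.100.102.67:45762) -> 192.168.129.99:22
```

A state line with no parenthesised address, like the "all tcp 10.100.102.67:45762 -> 192.168.129.99:22" line in the post, was created without any translation having matched.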