Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
OPenBSD and nat issues.
Results 1 to 10 of 10

Thread: OPenBSD and nat issues.

  1. #1
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    OPenBSD and nat issues.

    I am having difficulty getting NAT to work. I currently have the port forwarding setup, the PF set to go on, and a pair of rules to allow all traffic in and out. My nat rule is as follows:

    nat on xl0 from ne3:network to any -> (xl0)

    I know the line is good, but for some reason it just wont nat. It allows ssh, dhcp reqests, etc. Just no damn nat!

    Ideas?

    Thanks
    Andrew

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    419

    Re:OPenBSD and nat issues.

    did you setup the NAT rules after you initially setup your PF rules? I bet you're not reloading the NAT rules. 'pfctl -R -f /etc/pf.conf' will only reload the PF ruleset. NAT is not included in that. In order to do NAT you must do 'pfctl -N -f /etc/pf.conf'.

    Let me know that works. And if it does, 'man pfctl' for more info on crazy flags it uses. :-)

    BTW, my NAT rule just looks like this.

    "nat on $ext_if inet -> ($ext_if)"

    Just does NAT on the external interface and rewrites all outgoing packets with the IP of the external interface.

    PF is simply amazing...

  3. #3
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:OPenBSD and nat issues.

    No, the rules are there as specified. I can see the nat rule by going:

    pfctl -sn

    Which shows the nat rule(s). It is getting updated. It is something else I think. I dunno, I am getting an iso as we speak of 3.0. I will try that and upgrade to each successive release until it either breaks (and go one back) or I get success on 3.5.

    I am utterly lost as to what is wrong here.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    419

    Re:OPenBSD and nat issues.

    Hmm, you don't have any 'no nat' rules before the NAT rule, do you? You probably know the ruleset works on a last match basis, but the NAT rules work on a first match basis (like IPFW on FreeBSD). Would you mind posting a bit (or all) of your ruleset so I can see where the problem may lie. I'm running PF on OpenBSD 3.5, but I doubt there's any real difference between my config and yours.

    BTW, do you have IP forwarding enabled? That could also be an issue. You can change it with 'sysctl -w ....' or just change the value in /etc/rc.conf and restart.

  5. #5
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:OPenBSD and nat issues.

    no just the three rules

    1 nat
    2 pass all in
    3 pass all out


    Not much to really screw up ;D

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    419

    Re:OPenBSD and nat issues.

    IP forwarding is enabled, right?

    I think it's "pass all in" and "pass all out" too.

  7. #7
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:OPenBSD and nat issues.

    yep and yep.

    I was paraphrasing. I have shown alot of people the files and the exact syntaxes to get a dumb look, and "Damn, WTF isn't right??!"

    The pf commands I am sure are right. Its something to do with the rest that isnt. As far as I recall and could find, all I needed to do was enable pf, and set ipforwarding on -- easiest place being in /etc/rc.conf.

  8. #8
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:OPenBSD and nat issues.

    Well it wasnt 3.5. 3.0 is doing the same thing. I am going to have to take a deeper look at what is going on.

  9. #9

    Re:OPenBSD and nat issues.

    [quote author=Schotty link=board=10;threadid=9435;start=0#msg85717 date=1088796158]
    Well it wasnt 3.5. 3.0 is doing the same thing. I am going to have to take a deeper look at what is going on.
    [/quote]

    Post the answer when you figure it out. You might want to try asking at bsdvault.net as well.

  10. #10
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:OPenBSD and nat issues.

    Thanks ash.

    I put it on the back burner for now. I was wayyy too busy the past couple weeks to really care. Hopefully it improves in the near future.

Similar Threads

  1. Openbsd CDs
    By dc7 in forum Linux - General Topics
    Replies: 4
    Last Post: 02-08-2007, 03:04 PM
  2. OpenBSD 3.6
    By gaxprels in forum BSD
    Replies: 0
    Last Post: 10-29-2004, 08:27 PM
  3. OpenBSD
    By kenshi in forum General Chat
    Replies: 7
    Last Post: 04-01-2004, 01:36 AM
  4. OpenBSD iso?
    By gmoreno in forum Linux - General Topics
    Replies: 8
    Last Post: 12-08-2002, 12:25 AM
  5. OpenBSD 3.2
    By gaxprels in forum BSD
    Replies: 2
    Last Post: 11-19-2002, 03:47 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •