silly pf config issues - update
Jens Ropers
ropers at ropersonline.com
Sun Sep 10 12:35:15 PDT 2006
> Date: Sun, 10 Sep 2006 14:54:40 +0200
> From: Daniel Hartmeier <daniel at benzedrine.cx>
> Subject: Re: silly pf config issues - update
> To: steve szmidt <steve at szmidt.org>
> Cc: openbsd-newbies at sfobug.org
>
> NAT happens before filtering. When your NATed packets go out on bge0,
> they no longer have those 192.158/16 source addresses, hence the table
> rules don't match.

Hey, thanks a bunch for that! :-)

My (inevitably curious) follow-up question is: Does NAT *always*
happen before filtering, or just in Steve's scenario as detailed
before?

In other words: --to stay with Steve's case-- Given that $WAN is his
ext_if and $LAN is his int_if, could he filter on $LAN? Would those
filtering rules get applied before the packets get NATtified or am I
totally confused again?

Thanks, Jens
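
The ordering described in the quoted reply, as an added pf.conf example that is not part of the original thread. It uses the separate nat/filter rule syntax of pf releases from that period; bge0 is the interface named in the thread, while em0, the <restricted> table and all addresses are constructed for illustration.

```conf
# Added illustration, not taken from the thread.
ext_if  = "bge0"            # external interface named in the thread
int_if  = "em0"             # hypothetical internal interface
lan_net = "10.10.0.0/16"    # constructed internal network

# Hypothetical table of internal hosts that must not reach the outside.
table <restricted> { 10.10.5.0/24 }

# Translation rules come before filter rules in the file and are applied
# first: the source address is rewritten as the packet leaves $ext_if.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Weak placement: never matches for NATed traffic. When this rule is
# evaluated on $ext_if the source is already the address of $ext_if,
# not an address in <restricted>.
block out quick on $ext_if from <restricted> to any

# Corrected placement: the nat rule applies on $ext_if only, so a packet
# arriving on $int_if still carries its original internal source.
block in quick on $int_if from <restricted> to any

pass in  on $int_if from $lan_net to any keep state
pass out on $ext_if from ($ext_if) to any keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -vvsr` shows per-rule counters, which makes a rule that never matches visible.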