Date: Fri, 21 Jan 2005 08:20:45 -0600
From: "Andrew L. Gould" <algould@datawok.com>
To: freebsd-questions@freebsd.org
Subject: 'nat pass' not working in PF
Message-ID: <200501210820.45744.algould@datawok.com>
I'm running pf in FreeBSD 5.3 on my laptop. The filters for the local box work fine. I'm also working on a PC for a friend, but ran out of ethernet ports in my router. This PC doesn't have a wireless adapter, so I adjusted my pf rules to use my laptop as a gateway for the PC. I want my filters to remain intact for the laptop, but I want nat to let all the PC's traffic through. (It has its own firewall.)

According to the OpenBSD pf tutorial, adding the word 'pass' after 'nat' in the nat command will allow nat traffic to bypass the filter rules. Unfortunately, this doesn't seem to work. If my default 'block log all' rule is left uncommented, I can only ping IP addresses (not host names that require nameservers). No other activity passes through. If I comment it out, all traffic passes, but my laptop is left unprotected.

Any advice? The relevant lines from my pf rules follow:

    ifdev = "ath0"
    natdev = "fxp0"

    scrub in all no-df

    nat pass on $ifdev from $natdev:network to any -> $ifdev

    icmp_types = "echoreq"

    block log all
    #other filtering rules follow

Thanks,

Andrew Gould
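The ruleset below is an added example, not part of the original message or of any reply to it. It keeps the poster's interface names (ath0 uplink, fxp0 wired port to the PC) and the poster's scrub, nat and default-deny lines, and adds the rule the described symptom points at: 'nat pass' only exempts the translated packet from the filter on the interface where the translation happens (outbound on $ifdev), while the PC's packets first enter the laptop inbound on $natdev, where 'block log all' still applies. The laptop-only outbound rule at the end stands in for the poster's unquoted "other filtering rules" and is an assumption.

```pf
# Added example pf.conf for a laptop acting as gateway for one wired PC.
# Interface names are from the original post; every other rule is assumed.
ifdev      = "ath0"      # wireless uplink to the router
natdev     = "fxp0"      # wired port the PC plugs into
icmp_types = "echoreq"

scrub in all no-df

# 'pass' here exempts translated packets from the filter rules on $ifdev
# (outbound direction only) and creates state for the replies.
nat pass on $ifdev from $natdev:network to any -> $ifdev

# Default deny, still evaluated on every interface in both directions,
# including packets arriving from the PC on $natdev.
block log all

# The PC's traffic has not been NATed yet when it enters on $natdev,
# so it needs its own inbound pass there; 'nat pass' does not cover this hop.
pass in quick on $natdev from $natdev:network to any keep state

# Laptop's own traffic and inbound echo requests (assumed to mirror the
# poster's "other filtering rules"; adjust to the real ruleset).
pass out on $ifdev proto { tcp udp } from $ifdev to any keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
```

With this ordering, the PC's DNS and TCP sessions are admitted on fxp0, translated on the way out of ath0, and their replies match the state created by the nat rule; the laptop's own inbound filtering on ath0 is unchanged because nothing above passes unsolicited traffic in on $ifdev. Check with pfctl -sr after loading, and watch the pflog interface for the remaining 'block log all' hits to confirm which hop was dropping the packets.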