From owner-freebsd-pf@FreeBSD.ORG  Tue Jul 28 21:18:41 2009
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 076231065698
	for <freebsd-pf@freebsd.org>; Tue, 28 Jul 2009 21:18:41 +0000 (UTC)
	(envelope-from elliott@mywedding.com)
Received: from smtp147.dfw.emailsrvr.com (smtp147.dfw.emailsrvr.com
	[67.192.241.147])
	by mx1.freebsd.org (Postfix) with ESMTP id DC3E28FC0C
	for <freebsd-pf@freebsd.org>; Tue, 28 Jul 2009 21:18:40 +0000 (UTC)
	(envelope-from elliott@mywedding.com)
Received: from relay4.relay.dfw.mlsrvr.com (localhost [127.0.0.1])
	by relay4.relay.dfw.mlsrvr.com (SMTP Server) with ESMTP id 2B10C10CC32E
	for <freebsd-pf@freebsd.org>; Tue, 28 Jul 2009 16:59:02 -0400 (EDT)
Received: by relay4.relay.dfw.mlsrvr.com (Authenticated sender:
	elliott-AT-mywedding.com) with ESMTPSA id F349610CC430
	for <freebsd-pf@freebsd.org>; Tue, 28 Jul 2009 16:59:01 -0400 (EDT)
Message-Id: <F8BCDF7F-400D-4134-BC62-A7BE16F40C00@mywedding.com>
From: Elliott Barrere <elliott@mywedding.com>
To: freebsd-pf@freebsd.org
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Tue, 28 Jul 2009 13:56:30 -0700
X-Mailer: Apple Mail (2.935.3)
Subject: CARP and NAT
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2009 21:18:41 -0000

Hi everyone, please excuse my noobiness.

I have a basic firewall setup with CARP running on the LAN and WAN  
interfaces.  CARP and pfsync seem to be functioning properly.  The  
problem is I can't seem to figure out how to make pf NAT from the  
internal network to the carp1 interface IP on the outside (packets  
always end up coming from the IP of the physical interface in question).

I thought I could do something like:

nat on $carp_if from $lan_net to any -> ($carp_if)

but that doesn't work.  Can anyone provide me examples of a setup  
using CARP and NAT?  I feel like this should be pretty common...


Thanks!

:: elliott barrere :: 206.855.7011 ::