From owner-freebsd-pf@freebsd.org  Mon Mar 12 13:27:52 2018
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C130BF460D2
 for <freebsd-pf@mailman.ysv.freebsd.org>; Mon, 12 Mar 2018 13:27:52 +0000 (UTC)
 (envelope-from info@rickvanderzwet.nl)
Received: from aardbei.vanderzwet.net (aardbei.vanderzwet.net
 [IPv6:2001:984:ac89:1:1234:5678:30:1])
 by mx1.freebsd.org (Postfix) with ESMTP id 6610F7B579
 for <freebsd-pf@freebsd.org>; Mon, 12 Mar 2018 13:27:51 +0000 (UTC)
 (envelope-from info@rickvanderzwet.nl)
Received: from rickvanderzwet.nl (aardbei.vanderzwet.net [80.127.152.30])
 by aardbei.vanderzwet.net (Postfix) with ESMTP id 10CA4A6C8483
 for <freebsd-pf@freebsd.org>; Mon, 12 Mar 2018 13:27:44 +0000 (UTC)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 12 Mar 2018 14:27:43 +0100
From: Rick van der Zwet <info@rickvanderzwet.nl>
To: freebsd-pf@freebsd.org
Subject: NAT possible with single interface box?
Message-ID: <f6c9dffed567fdf0218ae34fc3097062@rickvanderzwet.nl>
X-Sender: info@rickvanderzwet.nl
User-Agent: Roundcube Webmail/1.3.3
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2018 13:27:52 -0000

Hi,

Could NAT translation be done with a single interface system without the 
use of VLANs?

I have ,a rather odd, (simplified) network configuration:
   - single interface system (Router) which has two private IP addresses 
172.16.0.10/24 and 192.168.1.10/24.
   - The gateway (to the internet) is found at 192.168.1.1
   - The Client with IP 172.16.0.20/24
The Client (cannot be modified) is supposed to connect to the internet 
via the Router.


My pf rules on Router are:
   nat on sis0 inet proto tcp from 172.16.0.0/24 to !172.16.0.0/24 -> 
192.168.1.10


Router is configured to allow routing:
   net.inet.ip.forwarding=1


pf.conf(5) tell me it will do translation on pass through packets:
      Translation rules apply only to packets that pass through the 
specified
      interface,	and if no interface is specified, translation is applied 
to
      packets on	all interfaces.


Looking at tcpdump of the router I do not see packages been translated 
yet only being forwarded, which leaves me wondering could this be done 
at all?

Best regards,
-Rick