Monday, December 20, 2021

Re: NAT fails to work from internal to external network

> pass out on egress from trunk:network to any nat-to egress
> pass out on egress

Looks like you (incorrectly) assumed that first matching rule wins?

On 12/20/21 15:05, Ben Raskin -X (braskin - HIGH TECH GENESIS INC at
Cisco) wrote:
> Hello, Misc;
>
> I'm attempting to configure a firewall using pf and have been having
> some troubles with NAT.
>
> The following is my config
>
> set skip on lo
> block all
> pass in on trunk from trunk:network to trunk:network
> pass out on egress from trunk:network to any nat-to egress
> pass out on egress
>
> Where trunk interface group is the internal interface. I am able
> to ping hosts on my internal network from an arbitrary host on
> said network, however, I'm not able to ping some other host say
> 1.1.1.1.
>
> I've set sysctl variables for both ipv4 and ipv6 forwarding
> however nat still doesn't work. Can anyone point me in the right
> direction, and show me where I went wrong? Thank you in advance.
>
>
> Ben Raskin
>
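The rule set from the thread, reworked here as an added example (not code from either poster) to show why pf's last-matching-rule evaluation defeats the nat-to rule and two ways to fix it; it assumes the same trunk and egress interface groups as the original config.

```pf
# Same interfaces as in the thread: 'trunk' is the internal group,
# 'egress' the external one.
set skip on lo
block all

# The original "pass in on trunk from trunk:network to trunk:network" only
# admits LAN-to-LAN packets; a ping from the LAN to 1.1.1.1 enters on trunk
# with a destination outside trunk:network and is dropped by "block all"
# before it ever reaches the egress rules. Widen the destination.
pass in on trunk from trunk:network to any

# Original ordering (kept here as comments):
#   pass out on egress from trunk:network to any nat-to egress
#   pass out on egress
# pf evaluates the whole rule set and the LAST matching rule wins unless a
# rule says 'quick'. The generic "pass out on egress" also matches the LAN's
# outbound packets, so it is the final match and the packet leaves egress
# with its private source address; the nat-to rule never takes effect.

# Fix 1: 'quick' stops evaluation at the nat-to rule for LAN traffic, so the
# generic rule below cannot override it.
pass out quick on egress from trunk:network to any nat-to egress
pass out on egress

# Fix 2 (equivalent, without 'quick'): keep both rules unqualified but put
# the more specific nat-to rule after the generic one, so it is the last
# match for traffic from trunk:network.
#   pass out on egress
#   pass out on egress from trunk:network to any nat-to egress
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, then watch `pfctl -s state` while pinging from a LAN host: a working translation shows the private source address mapped to the egress address in the state entry.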
