schotty
June 29th, 2004, 02:09
My NAT is not working at all.

I have port forwarding set up (set to 1).

My pf.conf file is really basic.


WAN = "xl0"
LAN = "ne3"

nat on $WAN from $LAN:network to any -> ($WAN)

pass out all keep state
pass in all keep state


As for if my client can talk to the server -- yes. I have DHCP set up as well, and I get the IP, hostname, and DNS info. I can ssh in, ping it, the whole shit and caboodle. Except the NAT part.

Any ideas as to what may be going on? From what I have seen, the pf.conf rules are fine. I read and read and read looking for something other than the port forwarding that needed to be checked. Nada. Oh, and yes the unit can talk to the net fine, ping, browse, ftp, etc.

Thanks.

bsdjunkie
June 29th, 2004, 13:33
The NAT line looks OK, not sure why it doesn't like it. I have had issues in the past where I had to actually specify the interface, but I would think that has been fixed quite a while ago.

nat on xl0 from ne3:network to any -> (xl0)

schotty
June 29th, 2004, 14:30
Yeah, that still didn't work. Actually I think I tried not using any variables like that after two hours of screwing around.

I am debating dropping 3.5, for OpenBSD 3.1. I know the syntax well for that, and I know that my notes are still valid for it. Of course I am going to see if I can figure out my mistake or omission first.

Thanks much!
Andrew

pick-master
August 2nd, 2004, 16:58
Did anyone find a solution to this problem?

I have just installed OpenBSD 3.5 as a firewall. I am able to ssh into that box from behind it and from the outside, but I am unable to browse the web from any of the client machines.

I also tested with pf.conf having the basic configuration as shown above, with no results.

I have also looked at this post.

http://screamingelectron.org/forum/showthread.php?t=1156

Any ideas?

bsdjunkie
August 3rd, 2004, 11:03
I have just installed OpenBSD 3.5 as a firewall. I am able to ssh into that box from behind it and from the outside, but I am unable to browse the web from any of the client machines.

I know this is probably obvious, but do you have IP Forwarding enabled on the firewall? I am running 3.5 at home with a basic ruleset and it works fine.

pick-master
August 3rd, 2004, 11:27
Yes, I have set it in sysctl.conf

net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets

I am sure that I am missing something so obvious but I can't think of it.

elmore
August 3rd, 2004, 11:31
While we're talking about the obvious, you have enabled pf/NAT in /etc/rc.conf, right? You sure your NAT rule isn't reversed, right? I've often reversed my NAT rule thus screwing myself for hours on end while I try to figure out what idiot mistake I made.

bsdjunkie
August 3rd, 2004, 11:56
I've often reversed my NAT rule thus screwing myself for hours on end while I try to figure out what idiot mistake I made.

And that kids, is the best reason I can think of to stay away from PBR :silly:

elmore
August 3rd, 2004, 12:06
It usually happens about 5 PBRs deep.

cod3fr3ak
August 4th, 2004, 08:37
Lol

pick-master
August 4th, 2004, 10:22
While we're talking about the obvious, you have enabled pf/NAT in /etc/rc.conf, right?

That was it, I enabled the dhcpd in rc.conf but forgot about the pf.

And talking about the PBR, I believe I am going through withdrawal symptoms, just came back from my European vacation and the place I have been, the local PBR was about $CDN 0.60. After three of those you stop counting and after two days of walking through the mountains PBR becomes like a Tylenol just keeps the pain away.

Thanks Elmore!!!!!!!!!
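
The three things checked in this thread (pf enabled in rc.conf, IP forwarding in sysctl.conf, and the direction of the NAT rule) can be audited together. This is an added example, not part of any post above; the function names are made up for illustration, the `pf=YES` rc.conf variable is assumed from OpenBSD, and the sample files are constructed.

```shell
#!/bin/sh
# Audit an OpenBSD NAT gateway's config files for the mistakes in this thread.
# Assumption: pf is switched on with pf=YES in rc.conf (the thread only says
# "enabled pf/NAT in /etc/rc.conf").

# Print the value of the last uncommented KEY=value line in FILE.
conf_value() {
    sed -e 's/#.*//' "$1" | awk -F= -v k="$2" '
        { gsub(/[ \t]/, "", $1) }
        $1 == k { v = $2; gsub(/[ \t"]/, "", v) }
        END { print v }'
}

# audit_gateway RC_CONF SYSCTL_CONF PF_CONF EXT_IF
# EXT_IF is the external interface as written in pf.conf ('$WAN' or xl0).
# Prints one line per problem; the return status is the number of problems.
audit_gateway() {
    problems=0
    if [ "$(conf_value "$1" pf)" != "YES" ]; then
        echo "pf is not enabled in $1, so pf.conf is never loaded at boot"
        problems=$((problems + 1))
    fi
    if [ "$(conf_value "$2" net.inet.ip.forwarding)" != "1" ]; then
        echo "net.inet.ip.forwarding is not 1 in $2"
        problems=$((problems + 1))
    fi
    # The first nat rule must sit on the external interface.
    nat_if=$(sed -e 's/#.*//' "$3" |
        awk '!seen && $1 == "nat" && $2 == "on" { print $3; seen = 1 }')
    if [ -z "$nat_if" ]; then
        echo "no nat rule found in $3"
        problems=$((problems + 1))
    elif [ "$nat_if" != "$4" ]; then
        echo "nat rule is on $nat_if, expected $4 (reversed?)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files: forwarding on, NAT rule correct, pf left at NO,
# which is the state the last poster was in before the fix.
demo=$(mktemp -d)
printf 'dhcpd_flags=""\npf=NO\n' > "$demo/rc.conf"
printf 'net.inet.ip.forwarding=1 # 1=Permit forwarding\n' > "$demo/sysctl.conf"
printf 'WAN = "xl0"\nLAN = "ne3"\nnat on $WAN from $LAN:network to any -> ($WAN)\n' > "$demo/pf.conf"
audit_gateway "$demo/rc.conf" "$demo/sysctl.conf" "$demo/pf.conf" '$WAN' ||
    echo "problems found: $?"
```

On a live box, `pfctl -s info` shows whether pf is currently enabled and `pfctl -s nat` lists the loaded NAT rules.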