Which version of OpenBSD are you using? Can you post your full pc.conf so we can see it in context?
You should find the
OpenBSD FAQ section on NAT quite helpful.
Quote:
Originally Posted by IMNOboist
I'm confused about how NAT is working. I currently have the following line:
match out on $ext_if from !(egress:network) to any nat-to $default_out
Which works. $default_out is one of the static IP addresses assigned to $ext_if.
However, I have certain systems that I want to go out of a different IP address (I have five statics). I tried this:
match out on $ext_if from 172.16.111.1 to any nat-to $static2
where $static2 is a different static address. After loading the ruleset, when I browse with 172.16.111.1, when I google "ip" it shows the address from $default_out.
I've tried adding the quick keyword to the $static2 NAT and moving it above the $default_out NAT but no beans.
Why isn't this working?
|
Not quite in the correct format - should be
Code:
pass out on tl0 from 192.168.1.0/24 to any nat-to 24.5.0.5
or to follow the
FAQ recommendation replace the addresses with the interface names.
The above refers to NAT overload (or rather PAT - port address translation) though, many internal RFC1918
addresses sharing one external public ip address...
Quote:
|
Is there another way I can NAT specific internal addresses to external addresses other than $default_out?
|
Yes you need to be using static NAT. See the FAQ section on Bidirectional 1:1 mapping using the
binat-to function.
HTH,
