You aren't using tagging in your sample.
On 2011-11-03, Wesley M. <open...@e-solutions.re> wrote:
> Hi, try this sample
>
> _int = "re0"
> _ext = "fxp1"
> int_net = "192.168.200.0/24"
> set block-policy drop
> set skip on lo
> match in all scrub (no-df max-mss 1440)
> match out on $_ext inet from $int_net to any nat-to (egress)
> block log all
> pass in on $_int inet proto udp from $int_net to any port domain
> pass in on $_int inet proto tcp from $int_net to any port \
> { www, https, ssh, pop3, imap, imaps, pop3s, submission, smtps }
> pass out on $_ext inet proto tcp all
> pass out on $_ext inet proto udp all
>
>
> All the best,
>
> Wesley MOUEDINE ASSABY.
>
>
>> _int = "re0"
>> _ext = "fxp1"
>> int_net = "192.168.200.0/24"
>>
>> pass out on $_ext tag LAN_NAT_TO_INET tagged LAN_TO_INET
>> pass in on $_int from $int_net tag LAN_TO_INET
>>
>> ......
>>
>> pass out quick on $_ext tagged LAN_NAT_TO_INET nat-to ($_ext)
>>
>>
>>
>> Any reason why at the bottom of my .conf file where nat-to is in my "quick"
>> rule it would work but when it's at the first filter rule it does not? I've
>> read over the man page and have the book of pf v.2 and still am confused.
>> Any thought is greatly appreciated.
>>
>>
>>
>> Regards,
>>
>> Dain