> pass out on egress from trunk:network to any nat-to egress
> pass out on egress

Looks like you (incorrectly) assumed that first matching rule wins?

On 12/20/21 15:05, Ben Raskin -X (braskin - HIGH TECH GENESIS INC at Cisco) wrote:
Hello, Misc;

I'm attempting to configure a firewall using pf and have been having
some troubles with NAT.

The following is my config

set skip on lo
block all
pass in on trunk from trunk:network to trunk:network
pass out on egress from trunk:network to any nat-to egress
pass out on egress

Where trunk interface group is the internal interface. I am able
to ping hosts on my internal network from an arbitrary host on
said network, however, I'm not able to ping some other host say
1.1.1.1.

I've set sysctl variables for both ipv4 and ipv6 forwarding
however nat still doesn't work. Can anyone point me in the right
direction, and show me where I went wrong? Thank you in advance.


Ben Raskin
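The point raised in the reply above is pf's evaluation order: pf walks the whole ruleset and the last matching rule decides, unless a rule says quick. In the posted config the bare "pass out on egress" comes after the nat-to rule, matches the same packets, and so wins without translating. The ruleset below is an added example, not the poster's file or anything from the OpenBSD project; it keeps the "trunk" and "egress" groups from the post and reorders the rules so the nat-to rule is the last match. It also goes beyond the reply in one respect: the original inbound rule only matched trunk:network to trunk:network, so a packet from an internal host to 1.1.1.1 never matched it and fell through to "block all"; the example widens that rule to "to any". The "inet" keyword and the parentheses around egress are assumptions of this example, not from the post.

```pf
# Added example, not the poster's pf.conf. "trunk" (internal group) and
# "egress" (external group) are taken from the original message.
set skip on lo
block all

# Inbound from internal hosts. The posted rule only matched destinations
# inside trunk:network, so traffic bound for the Internet was blocked
# here before NAT was ever considered. "to any" lets it through; pf's
# default keep state lets the replies back in.
pass in on trunk from trunk:network to any

# Traffic the firewall itself sends out. This catch-all is placed BEFORE
# the nat-to rule on purpose: pf evaluates every rule and the LAST match
# wins, so a catch-all placed after the NAT rule would override it.
pass out on egress

# Internal hosts leaving via egress are translated. As the last matching
# rule for these packets it now decides the verdict and applies nat-to.
# "inet" keeps the rule to IPv4 (private addresses are the ones that need
# NAT); "(egress)" makes pf re-read the interface address if it changes.
pass out on egress inet from trunk:network to any nat-to (egress)
```

The equivalent with the original order is to add quick to the nat-to rule, which stops evaluation at the first match. To check the result before loading it, run pfctl -nf /etc/pf.conf for a syntax check, pfctl -s rules to confirm the loaded order, and pfctl -s state while pinging 1.1.1.1 from an internal host: the state entry should show the internal source translated to the egress address.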

