Hello,
I need advice on how to NAT one subnet (LAN), which is in rdomain 0 to
the public network from rdomain 5.
I'm in a transition period between migrating from one ISP to another,
and the setup is as simple as:
- I have one Ethernet port for the public network - this is where my old
ISP still lives. The configuration is via DHCP. This is in rdomain 0.
```
[hodor]~$ cat /etc/hostname.em0
inet autoconf
```
from pf.conf, it is the standard match rule
```
# NAT
match out log on $ExtIf from $IntIf:network \
nat-to ($ExtIf)
```
- The LAN ($IntIf) is on a bridge with a few Ethernet ports and a
vether0 interface for the server IP. This is in rdomain 0.
```
[hodor]~$ cat /etc/hostname.bridge0
add vether0
add em1
add em2
up
[hodor]~$ cat /etc/hostname.vether0
up
inet 172.16.1.1/24
```
- Now, I have attached the new ISP (also using DHCP) to one of the free
Ethernet ports (em5) with DNS disabled, so it doesn't touch
/etc/resolv.conf. This is in rdomain 5.
```
[hodor]~$ cat /etc/hostname.em5
rdomain 5
inet autoconf
[hodor]~$ cat /etc/dhcpleased.conf
interface em5 {
ignore dns
}
```
I've put some rules in pf.conf regarding this rdomain
```
## $ExtIf5 inbound
# NTP
pass in log on $ExtIf5 inet proto {tcp, udp} from any \
to ($ExtIf5) port ntp
pass in log on gif4 inet6 proto {tcp, udp} from any \
to ($IntIf) port ntp
## $ExtIf5 outbound
pass out log on $ExtIf5 inet proto {tcp, udp, icmp} from ($ExtIf) \
to any
```
And the public IP is working fine there - you can reach the NTP server,
or if I execute a command from that rdomain, it works as it should.
- My LAN still uses the old ISP for Internet access and what I want to
do is to make it use the new one from rdomain 5 and the new ISP.
I spent a few hours reading some examples and trying some configs but
without any luck.
Could you please point me in the right direction?
This is on OpenBSD-current (not a very recent snapshot, but -current :)
Thanks in advance,
Atanas
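One way to do what the post asks for, as an added example that is not from
the original mail or the poster's config: pf(4) is the mechanism OpenBSD
provides for moving packets between routing domains, via the `rtable`
rule option. `rtable` only takes effect on the inbound side (before the
route lookup), so the LAN traffic is pushed into rtable 5 with a `pass in`
rule on the bridge side, and the source NAT is done on em5, where the
packet leaves rdomain 5. The macro names ($IntIf, $ExtIf5) reuse the
poster's; `$IntIf = "vether0"` and `$ExtIf5 = "em5"` are assumptions, and
the hostname.* / sysctl lines are the usual prerequisites rather than
anything the post confirms was missing.

```pf
# /etc/pf.conf fragment (added example, not the poster's config).
# Assumed macros; adjust to the real interface names.
IntIf  = "vether0"     # LAN side (member of bridge0), rdomain 0
ExtIf5 = "em5"         # new ISP, rdomain 5

# 1. Source NAT on the new uplink. This match rule lives in rdomain 5,
#    so it must be restricted with "on rdomain 5" (or it would never
#    see the packets, since em5 is not in rdomain 0).
match out on $ExtIf5 inet from $IntIf:network nat-to ($ExtIf5)

# 2. Move LAN traffic into rtable 5 on the way in. "rtable" is only
#    effective on inbound rules, because it has to be set before the
#    kernel does the route lookup for the packet.
pass in on $IntIf inet from $IntIf:network to any rtable 5

# 3. Let the NATed traffic out on em5. Note the source is the em5
#    address, since nat-to has already rewritten it at this point.
pass out on $ExtIf5 inet proto {tcp, udp, icmp} from ($ExtIf5) to any

# Prerequisites / checks (not pf.conf syntax, shown for completeness):
#   sysctl net.inet.ip.forwarding=1          # forwarding must be on
#   pfctl -nf /etc/pf.conf && pfctl -f /etc/pf.conf
#   route -T 5 -n show -inet                 # rdomain 5 must have a default route
#   pfctl -ss | grep '172.16.1.'             # LAN states should show nat-to on em5
#   tcpdump -ni em5 host 172.16.1.10         # assumed LAN client; should be NATed
```

Two caveats worth keeping in mind with this layout: the existing
`match out on $ExtIf ... nat-to ($ExtIf)` rule for the old ISP stays
harmless, because packets sent into rtable 5 never reach em0, so both
uplinks can coexist during the migration; and once the LAN is routed via
rtable 5, the rdomain-0 default route only matters for traffic the box
itself originates, so anything that must still use the old ISP (or the
old ISP's resolvers) has to be excluded from rule 2 explicitly, for
example with a more specific `pass in ... to <old-isp-prefix>` rule
without `rtable`.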