Hello again,

Worked by just adding the bitmask directive to the binat rule.

match on tun0 from 192.168.0.0/24 to any binat-to 192.0.2.0/24 bitmask

Thanks a lot. Your tip + RTFM = WIN! :D

Cheers

On Sat, 2010-06-05 at 12:15 -0400, Calomel Org wrote:
> Paolo,
> 
> You may need to use the bitmask directive.
> 
> bitmask - grafts the network portion of the pool address over top of
> the address that is being modified (source address for nat-to rules,
> destination address for rdr-to rules).
> 
> Example: if the address pool is 192.0.2.1/24 and the address being
> modified is 10.0.0.50, then the resulting address will be 192.0.2.50.
> If the address pool is 192.0.2.1/25 and the address being modified is
> 10.0.0.130, then the resulting address will be 192.0.2.2. 
> 
> http://www.openbsd.org/faq/pf/pools.html
> 
> --
>    Calomel @ https://calomel.org
>    Open Source Research and Reference
> 
> 
> On Sat, Jun 05, 2010 at 11:41:43AM -0400, Paolo Reyes Balleza wrote:
> >Hello all,
> >
> >I was using pf's (OBSD 4.6) binat for openvpn purposes with
> >192.168.0.0/24 binatted to 192.0.2.0/24 since I can't renumber the local
> >LAN to avoid the overlap.
> >
> >This doesn't work with current:
> >match on tun0 from 192.168.0.0/24 to any binat-to 192.0.2.0/24
> >for the entire subnet any more.
> >
> >Everything gets routed to 192.168.0.0 no matter what "external" host
> >address I use. It used to be that 192.0.2.1 would map out to
> >192.168.0.1.
> >
> >One to one mapping does work though.
> >
> >Is this the new behaviour of pf?
> >
> >Just asking because it'd be a PITA to map each host.
> >
> >Cheers and thanks in advance.
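
The bitmask mapping described in the quoted reply, modelled in Python as an added example (not part of the thread and not pf's own code). The function names are hypothetical and the model follows only the man-page wording quoted above; it also reports when a pool is too small for the mapping to stay one-to-one.

```python
import ipaddress
from collections import defaultdict


def bitmask_graft(addr, pool):
    """Graft the network portion of `pool` over `addr`, keeping addr's host bits.

    Models the 'bitmask' wording quoted in the thread, not pf's source code.
    """
    net = ipaddress.ip_network(pool, strict=False)  # 192.0.2.1/24 -> 192.0.2.0/24
    ip = ipaddress.ip_address(addr)
    if ip.version != net.version:
        raise ValueError("address family mismatch between address and pool")
    host_bits = int(ip) & int(net.hostmask)
    return str(ipaddress.ip_address(int(net.network_address) | host_bits))


def binat_preview(inside, pool):
    """Return (mapping, collisions) for every address in `inside`.

    collisions lists translated addresses claimed by more than one inside
    address, which happens when the pool is smaller than the inside network
    and means the mapping is no longer one-to-one.
    """
    mapping = {}
    claimed = defaultdict(list)
    for ip in ipaddress.ip_network(inside, strict=False):
        out = bitmask_graft(str(ip), pool)
        mapping[str(ip)] = out
        claimed[out].append(str(ip))
    collisions = {out: ins for out, ins in claimed.items() if len(ins) > 1}
    return mapping, collisions


if __name__ == "__main__":
    # Networks from the rule in the thread.
    mapping, collisions = binat_preview("192.168.0.0/24", "192.0.2.0/24")
    for inside in ("192.168.0.1", "192.168.0.50", "192.168.0.254"):
        print(inside, "->", mapping[inside])
    print("collisions:", len(collisions))
    # Constructed mismatch: a /25 pool cannot hold a /24 one-to-one.
    _, collisions = binat_preview("192.168.0.0/24", "192.0.2.0/25")
    print("collisions with /25 pool:", len(collisions))
```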
