On Sun, 18 Jun 2023 20:35 +0200, Stephan Neuhaus wrote:
> Hi list
> 
> I think I have found a typo in the pf NAT FAQ here:
> https://www.openbsd.org/faq/pf/nat.html. In the
> "Configuring NAT" section it says:
> 
>   The general format in pf.conf looks something like this:
> 
>   match out on interface [af] \
>      from src_addr to dst_addr \
>      nat-to ext_addr [pool_type] [static-port]
>   [...]
>   pass out [log] on interface [af] [proto protocol] \
>      from ext_addr [port src_port] \
>      to dst_addr [port dst_port]
> 
> As you can see, the pass rule says "from ext_addr".
> But beneath the description of the various options, it
> says:
> 
>   This would lead to a most basic form of these lines similar to this:
> 
>   match out on tl0 from 192.168.1.0/24 to any nat-to 198.51.100.1
>   pass on tl0 from 192.168.1.0/24 to any
> 
> Here you can see that the "from" part is what the
> above description calls the src_addr, not the
> ext_addr, as it claims. This makes much more sense and
> is consistent with all the other documentation that
> I've seen.
> 
> So could it be a typo in the docs? Or have I missed some things?
> 
> Thanks in advance
> 
> Stephan
> 

That looks like a typo to me. Changing CC to include tech@ and drop
misc@ (I've been told it's bad form to send patches on misc@).
Index: nat.html
===================================================================
RCS file: /cvs/www/faq/pf/nat.html,v
retrieving revision 1.79
diff -u -p -r1.79 nat.html
--- nat.html    12 May 2021 15:13:25 -0000      1.79
+++ nat.html    19 Jun 2023 00:18:15 -0000
@@ -166,7 +166,7 @@ match out on interface [af] \
    nat-to ext_addr [pool_type] [static-port]
 [...]
 pass out [log] on interface [af] [proto protocol] \
-   from ext_addr [port src_port] \
+   from src_addr [port src_port] \
    to dst_addr [port dst_port]
 </pre>
 
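Review bot: the changed `from` line in the `pass out` template sits directly under a `match out ... nat-to ext_addr` rule, so before committing please check against pf.conf(5) whether a pass rule evaluated after a nat-to match sees the original or the translated source address. The choice between `src_addr` and `ext_addr` here depends on that, not only on agreement with the `pass on tl0 from 192.168.1.0/24 to any` example quoted in the report. If `src_addr` is right, also check that the option descriptions below this `<pre>` block (outside the hunk) do not still describe `ext_addr` as the pass rule's source.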
