This diff is incorrect, I should've tested it before sending it. Thank you to everyone that replied and sorry if it was a bother/inconvenience.
On Mon, 19 Jun 2023 08:07 +0200, Alexandr Nedvedicky wrote: > Hello, > > On Sun, Jun 18, 2023 at 06:29:28PM -0600, Ashlen wrote: > > On Sun, 18 Jun 2023 20:35 +0200, Stephan Neuhaus wrote: > > > Hi list > > > > > > I think I have found a typo in the pf NAT FAQ here: > > > https://www.openbsd.org/faq/pf/nat.html. In the > > > "Configuring NAT" section it says: > > > > > > The general format in pf.conf looks something like this: > > > > > > match out on interface [af] \ > > > from src_addr to dst_addr \ > > > nat-to ext_addr [pool_type] [static-port] > > > [...] > > > pass out [log] on interface [af] [proto protocol] \ > > > from ext_addr [port src_port] \ > > > to dst_addr [port dst_port] > > > > > > As you can see, the pass rule says "from ext_addr". > > > But beneath the description of the various options, it > > > says: > > > > > > This would lead to a most basic form of these lines similar to this: > > > > > > match out on tl0 from 192.168.1.0/24 to any nat-to 198.51.100.1 > > > pass on tl0 from 192.168.1.0/24 to any > > > > > > Here you can see that the "from" part is what the > > > above description calls the src_addr, not the > > > ext_addr, as it claims. This makes much more sense and > > > is consistent with all the other documentation that > > > I've seen. > > > > > > So could it be a typo in the docs? Or have I missed some things? > > > > > > Thanks in advance > > > > > > Stephan > > > > > > > That looks like a typo to me. Changing CC to include tech@ and drop > > misc@ (I've been told it's bad form to send patches on misc@). > > yes it is a typo, your diff looks OK to me. > > thanks and > regards > sashan > > > Index: nat.html > > =================================================================== > > RCS file: /cvs/www/faq/pf/nat.html,v > > retrieving revision 1.79 > > diff -u -p -r1.79 nat.html > > --- nat.html 12 May 2021 15:13:25 -0000 1.79 > > +++ nat.html 19 Jun 2023 00:18:15 -0000 > > @@ -166,7 +166,7 @@ match out on interface [af] \ > > nat-to ext_addr [pool_type] [static-port] > > [...] > > pass out [log] on interface [af] [proto protocol] \ > > - from ext_addr [port src_port] \ > > + from src_addr [port src_port] \ > > to dst_addr [port dst_port] > > </pre> > > >
