I have noticed an odd problem with NAT in pf and was wondering if it should behave the way it does.
The router host is running pf doing NAT and a PPPoE connection to the internet using /usr/sbin/ppp (a.k.a. user-ppp). The ppp session is not doing any NATing.
An extract of my pf.conf is as follows:
Code:
public_if = "tun0"
corp_net = "192.168.27.0/24"
private_nets = "{ 192.168.0.0/16 }"
no nat on { $public_if, $perim_if } from any to $private_nets
nat on $public_if from $corp_net to any -> ($public_if:0)
When I ping from a host 192.168.27.10 to a public IP address (say 104.98.30.13) and observe egress traffic, I see the pings going out tun0 with the source IP being that of the tun0 interface, which is a public IP address.
When I increase the payload size of the ping to 2048 via:
ping -s 2048 104.98.30.13
The egress packets are going out with the source address 192.168.27.10. This means that pf is not NATing these packets.
Should this work or is it failing for a known reason?
Does anyone have any pointers to what I am missing?