PF nat + pass rules

Hi. I have a network like this:

Code:
            |   |--VLAN100 (192.168.3.1)| LOCAL-VLAN
ISP--PUB-IP--   |
            |   |--VLAN200 (192.168.2.1)| LOCAL-VLAN

I use these rules,
Code:
ext_if = "re1"
vlan100 = "vlan100"
vlan200 = "vlan200"

nat on $ext_if from $vlan100 to any -> ($ext_if)
nat on $ext_if from $vlan200 to any -> ($ext_if)

pass on $vlan100 from $vlan100:network to any
pass on $vlan200 from $vlan200:network to any
The problem is really that when I use the rules above I can go from vlan100 to vlan200 via NAT; I want to have rules like
Code:
pass on $vlan100 from $vlan100:network to any out via $ext_if
so that traffic is only possible between $ext_if and vlan100, not between vlan100 and vlan200. Is there a nice way to do this?

Thanks for all replies :)
Alex
 
How about something like this?
Code:
pass on $vlan100 from $vlan100:network to !$vlan200:network
pass on $vlan200 from $vlan200:network to !$vlan100:network
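An added example, not from either poster, that builds on the reply's negation approach into a complete ruleset: pf passes any packet that no rule matches, so a negated `to !` rule on its own does not stop VLAN-to-VLAN traffic unless a default `block` sits under it. Interface names and addresses are the ones from the thread; the table name `<local_nets>` is an assumption.

```pf
# Added example (not from the thread). Assumes the interfaces and
# addresses from the original post; <local_nets> is an invented name.
ext_if  = "re1"
vlan100 = "vlan100"
vlan200 = "vlan200"

# Both local subnets in one table, so "not local" is written once.
table <local_nets> const { 192.168.3.0/24, 192.168.2.0/24 }

nat on $ext_if from <local_nets> to any -> ($ext_if)

# Default deny. Without this, pf passes whatever no rule matches,
# so "to !$vlan200:network" alone would not isolate the VLANs.
block log all

# Each VLAN may talk to its own gateway address (e.g. DNS/DHCP on
# 192.168.3.1 / 192.168.2.1) ...
pass in quick on $vlan100 from $vlan100:network to $vlan100
pass in quick on $vlan200 from $vlan200:network to $vlan200

# ... and otherwise only to non-local destinations (the Internet).
# A packet from vlan100 to 192.168.2.x matches neither rule and is
# caught by the block above.
pass in quick on $vlan100 from $vlan100:network to !<local_nets>
pass in quick on $vlan200 from $vlan200:network to !<local_nets>

# With "nat on", translation happens before the outbound filter, so on
# $ext_if the source is already the public address; match on that, which
# also covers traffic the router itself originates. States created here
# let replies back in on $ext_if and out on the VLAN interfaces.
pass out quick on $ext_if from ($ext_if) to any
```

Check the result with `pfctl -vnf /etc/pf.conf` before loading it, and confirm that `pfctl -sr` shows the block rule ahead of the passes.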
 