source/destination nat pf, user space filtering pf

2 msg	ipsec.conf question
1 msg	pbm install 4.3 Packard Bell EasyNote
11 msg	Apache suexec problem
9 msg	1U IBM or Dell server for firewall
1 msg	gtk+2-2.12.7 on't upgrade after upgrade to 4.3
4 msg	colors in regular openbsd terminal
7 msg	problem building release for 4.3 stable
18 msg	Window Manager
2 msg	What tarball is xlib.h in in 4.3?
5 msg	newfs during install
1 msg	Mehr Insolvenzen in den USA
11 msg	Jack, sun and envy problem
5 msg	mknod fails after wrong arch MAKEDEV
3 msg	mplayer & snapshot install
7 msg	OpenBSD 4.3 and Xorg resolution 1280x800?
1 msg	Good news re: Flash9
37 msg	Doubt about license

source/destination nat pf, user space filtering pf
\ milli (3 May 2008)
. \ milli (3 May 2008)

61 msg	Editing C with...
2 msg	4.2, ppp problem

Subject:	source/destination nat pf, user space filtering pf
Group:	Openbsd-misc
From:	milli
Date:	3 May 2008

Hello,

I have got the following situation:
- wan nic: 192.168.0.2/24 - router 192.168.0.1
- vpn nic: 192.168.1.2/24 - router 192.168.1.1
- lan nic: 192.168.2.1/24 - client 192.168.2.99

The default route goes to 192.168.0.1. What I want is to leave the
default route and nat the traffic just from the lan through the vpn.
It's seams that nat is done after routing. If I change the default route
to 192.168.1.1 everything works. But I don't want to change the default
route and I don't want tell the lan clients anything about the vpn
network and I don't want tell the vpn router anything about the lan
network. Is there any solution to do this just with nat alone?

Another question: Are there any plans to include some user space
filtering like http://www.openbeer.it/?open=pq?

I switched back to openbsd for router/fw tasks from linux. I would like
to help to code, to test or just to tell what I need but maybe I'm to
old to do this in this live - maybe next one ;-)

--
Best regards,
Milli