Re: source/destination nat pf, user space filtering pf

2 msg	ipsec.conf question
1 msg	pbm install 4.3 Packard Bell EasyNote
11 msg	Apache suexec problem
9 msg	1U IBM or Dell server for firewall
1 msg	gtk+2-2.12.7 on't upgrade after upgrade to 4.3
4 msg	colors in regular openbsd terminal
7 msg	problem building release for 4.3 stable
18 msg	Window Manager
2 msg	What tarball is xlib.h in in 4.3?
5 msg	newfs during install
1 msg	Mehr Insolvenzen in den USA
11 msg	Jack, sun and envy problem
5 msg	mknod fails after wrong arch MAKEDEV
3 msg	mplayer & snapshot install
7 msg	OpenBSD 4.3 and Xorg resolution 1280x800?
1 msg	Good news re: Flash9
37 msg	Doubt about license

source/destination nat pf, user space filtering pf
\ milli (3 May 2008)
. \ milli (3 May 2008)

61 msg	Editing C with...
2 msg	4.2, ppp problem

Subject:	Re: source/destination nat pf, user space filtering pf
Group:	Openbsd-misc
From:	milli
Date:	3 May 2008

milli wrote:
> Hello,
>
> I have got the following situation:
> - wan nic: 192.168.0.2/24 - router 192.168.0.1
> - vpn nic: 192.168.1.2/24 - router 192.168.1.1
> - lan nic: 192.168.2.1/24 - client 192.168.2.99
>
> The default route goes to 192.168.0.1. What I want is to leave the
> default route and nat the traffic just from the lan through the vpn.
> It's seams that nat is done after routing. If I change the default route
> to 192.168.1.1 everything works. But I don't want to change the default
> route and I don't want tell the lan clients anything about the vpn
> network and I don't want tell the vpn router anything about the lan
> network. Is there any solution to do this just with nat alone?

a pass rule with route-to ($vpn_if _192.168.1.1_) helped.

> Another question: Are there any plans to include some user space
> filtering like http://www.openbeer.it/?open=pq?

still open