Since I got my Fullrate ADSL I’ve been incredibly frustrated by all the things the crappy router they use can’t do, so I got myself a static IP, which means the router gets set up as a bridge.

It was so nice getting my old setup with my Soekris net4801 and OpenBSD up and running again. I had been neglecting upgrading the net4801 for a long time, so it was reinstalled with OpenBSD 4.8… and the old pf.conf didn’t work.

Of course it was just a quick visit to the PF FAQ and there was an almost complete example I could adapt. Lots of changes to how NAT is configured:

match out on egress inet from !(egress) to any nat-to (egress:0)

Very neat and tidy. The egress interface is the interface with the default gateway on, and it gets defined automatically by PF. Practical.