Re: Configure NetBSD as a gateway for LAN hosts

Martin Husemann writes:

> On Sat, Oct 17, 2020 at 04:39:47PM +0200, Rocky Hotas wrote:
>> > In general it is best to get packet flow working first and then start caring
>> > about filtering, but with NAT this is tricky.
>> Why is this tricky with NAT? Because when a request exits from the
>> gateway, it exits from a port determined by the NAT, but when the answer gets
>> back to the gateway, it is hard to recognize it?
> Because you need to get two parts working at the same time, where without NAT
> you can debug routing first and when that works debug filtering rules.

Yes, but you can only debug it in terms of watching outgoing packets to
your ISP with tcpdump that have source addresses on your internal LAN.

NAT is not that hard. Firewall configs are.

