tech-net archive


Re: npf questions/experience migrating from ipf on NetBSD8



>
> yancm%sdf.org@localhost wrote:
>>>>I even tried a simple, promiscuous ruleset and that also fails to NAT?
>>>>
>>>># npfctl show
>>>># filtering:    active
>>>># config:       loaded
>>>>
>>>>procedure "log"
>>>>
>>>>map wm0 dynamic any -> 10.1.10.10 pass family inet4 from 192.168.1.0/24
>>>> #
>>>>id="1"
>>>
>>> You seem to be using 192.168.1.0/24 for your lan, where does 10.1.10.10
>>> come into the equation ?
>>>
>>> I'm guessing that wm0 is your external interface, what is the IPv4
>>> address ?
>>
>>Yeah...oddball setup...the "external", to the NetBSD router
>>interface, really is 10.1.10.10 (wm0).
>>
>>10.1.10.1 (the only other member of this intermediate local net)
>>is the Comcast router and it is bidirectionally routing
>>10.1.10.1 to and from a dynamic ip...
>
> Have you tried copying what is in soho_gw-npf.conf ?

This is what I have; I started with this example:
# $NetBSD: soho_gw-npf.conf,v 1.6 2014/02/08 01:32:19 rmind Exp $
#
# SOHO border
#
# 2020.12.31 - Getting ready to migrate from ipnat/ipf to npf prior to
# upgrade NetBSD 8 --> 9
# Originally this example was for a natting border
# gateway/webserver/mailserver/nameserver
# IPv4 only
#

$ext_if = "wm0"
$ext_v4 = inet4(wm0)
$ext_v6 = inet6(wm0)
$ext_addrs = { inet4(wm0), inet6(wm0) }

$int_if = "bge0"
$int_v4 = inet4(bge0)

# a table to house e.g. block candidates in
#table <block> type hash file "/usr/share/examples/npf/hashtablefile"
# feed this using e.g.: npfctl table "int-block" add 198.51.100.16/29
#table <int-block> type tree dynamic

$services_tcp = { http, https, smtp, domain }
$services_udp = { domain, ntp }
$localnet0 = { 192.168.1.0/24 }

# NAT outgoing to the address of the external interface
# Note: if $ext_if has multiple IP addresses (e.g. IPv6 as well),
# then the translation address has to be specified explicitly.
#set portmap.max_port 51200
#set portmap.min_port 2048
map $ext_if dynamic $localnet0 -> $ext_v4
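The reply above is probing whether the translation address in the map rule really belongs to the external interface. As an added example (not from the thread and not NetBSD's own tooling), here is a small Python checker that resolves npf.conf variables and inet4()/inet6() references against an interface address table and flags dynamic map rules whose translation address is not an address of the named interface. The interface table and the config excerpt are constructed for the example; on a real router the table would come from ifconfig.

```python
import re
# Constructed stand-in for the router's `ifconfig` output (assumption: wm0 = 10.1.10.10
# towards the Comcast box, bge0 = LAN side, no IPv6 configured on either).
IFACE_ADDRS = {"wm0": {"inet4": "10.1.10.10"}, "bge0": {"inet4": "192.168.1.1"}}
# Constructed npf.conf excerpt: the last two rules are deliberately wrong (bge0 does
# not own 10.1.10.10; inet6(wm0) resolves to nothing) so the check has work to do.
SAMPLE_CONF = """\
$ext_if = "wm0"
$ext_v4 = inet4(wm0)
$ext_v6 = inet6(wm0)
$localnet0 = { 192.168.1.0/24 }
map $ext_if dynamic $localnet0 -> $ext_v4
map wm0 dynamic any -> 10.1.10.10 pass family inet4 from 192.168.1.0/24
map bge0 dynamic $localnet0 -> $ext_v4   # wrong interface
map $ext_if dynamic $localnet0 -> $ext_v6   # no IPv6 address on wm0
"""
VAR_RE = re.compile(r"^\s*\$(\w+)\s*=\s*(.+?)\s*$")
MAP_RE = re.compile(r"^\s*map\s+(\S+)\s+dynamic\s+(\S+)\s*->\s*(\S+)")
INET_RE = re.compile(r"^(inet[46])\((\w+)\)$")
def resolve(token, variables, ifaces):
    """Expand a $variable, an inet4(if)/inet6(if) call or a { set } into concrete strings."""
    token = token.strip()
    if token.startswith("$"):
        return resolve(variables[token[1:]], variables, ifaces)
    if token.startswith("{") and token.endswith("}"):
        return [v for p in token[1:-1].split(",") for v in resolve(p, variables, ifaces)]
    if m := INET_RE.match(token):
        addr = ifaces.get(m.group(2), {}).get(m.group(1))
        return [addr] if addr else []  # empty when the interface has no address of that family
    return [token.strip('"')]
def effective_nat_rules(conf_text, ifaces):
    """Return (interface, sources, translation addresses) for every dynamic map rule."""
    variables, rules = {}, []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # strip trailing comments before matching
        if m := VAR_RE.match(line):
            variables[m.group(1)] = m.group(2)
        elif m := MAP_RE.match(line):
            ifname, src, dst = (resolve(g, variables, ifaces) for g in m.groups())
            rules.append((ifname[0], src, dst))
    return rules
def check_rules(rules, ifaces):
    """Flag map rules whose translation address is not an address of the named interface."""
    findings = []
    for ifname, _src, dst in rules:
        owned = set(ifaces.get(ifname, {}).values())
        if not dst:
            findings.append(f"{ifname}: translation address resolves to nothing")
        findings += [f"{ifname}: {a} is not an address of this interface" for a in dst if a not in owned]
    return findings
```

Run check_rules(effective_nat_rules(SAMPLE_CONF, IFACE_ADDRS), IFACE_ADDRS) to see the two bad rules reported while the two rules matching the thread's setup pass.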