silly pf config issues - update
Daniel Hartmeier
daniel at benzedrine.cx
Sun Sep 10 05:54:40 PDT 2006
NAT happens before filtering. When your NATed packets go out on bge0,
they no longer have those 192.158/16 source addresses, hence the table
rules don't match.
If you want to distinguish packets based on criteria before NAT took
place, look at tagging (i.e. you tag when the packets pass in on the
internal interface, where NAT hasn't occurred yet, then match the tag
when the packet passes out on the external interface, after NAT).
It has nothing to do with tables, that's just a red herring.
Daniel
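
The tagging approach described above, as an added pf.conf example that is not part of the original post. It uses the pre-4.7 `nat on` syntax that matches the date of the message; `bge0` is from the post, while the internal interface `em0`, the table name, its addresses and the tag names are constructed assumptions.

```pf
# Added example, not from the original post.
ext_if = "bge0"                  # external interface named in the post
int_if = "em0"                   # assumption: internal interface name

# Constructed sample table of internal hosts that get web access only.
table <restricted> { 10.0.0.10, 10.0.0.11 }

# Translation: applied to outbound packets on $ext_if before the filter
# rules for that interface are evaluated.
nat on $ext_if from $int_if:network to any -> ($ext_if)

block all

# Does NOT match: by the time the packet is filtered on $ext_if its
# source address is already the translated one, not a table entry.
# pass out on $ext_if proto tcp from <restricted> to any port 80 keep state

# Classify on the internal interface, where the original source address
# is still visible, and record the decision as a tag.
pass in quick on $int_if proto tcp from <restricted> to any \
    port { 80, 443 } tag WEB_ONLY keep state
block in quick on $int_if from <restricted>
pass in on $int_if from $int_if:network to any tag LAN_FULL keep state

# Filter on the external interface by tag instead of by address.
pass out on $ext_if tagged WEB_ONLY keep state
pass out on $ext_if tagged LAN_FULL keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.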