silly pf config issues - update
steve szmidt
steve at szmidt.org
Sun Sep 10 06:17:58 PDT 2006
On Sunday 10 September 2006 08:54, Daniel Hartmeier wrote:
> NAT happens before filtering. When your NATed packets go out on bge0,
> they no longer have those 192.158/16 source addresses, hence the table
> rules don't match.
Ah, yes! Of course! There it is - Too obvious! Thanks!!
> If you want to distinguish packets based on criteria before NAT took
> place, look at tagging (i.e. you tag when the packets pass in on the
> internal interface, where NAT hasn't occurred yet, then match the tag
> when the packet passes out on the external interface, after NAT).
>
> It has nothing to do with tables, that's just a red herring.
>
> Daniel
--
Steve Szmidt
"To enjoy the right of political self-government, men must be
capable of personal self-government - the virtue of self-control.
A people without decency cannot be secure in its liberty.
From the Declaration Principles
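
A pf.conf sketch of the tagging approach described in the reply above. This is an added example, not a ruleset from the thread; it uses the `nat on ... ->` syntax current in 2006 (OpenBSD 4.7 and later use `nat-to`). Only `bge0` comes from the thread; the internal interface `em0`, the table name `<lan_hosts>`, its contents and the tag name `LAN_OK` are assumptions.

```conf
# Macros. bge0 is the external interface named in the thread;
# em0 is an assumed internal interface.
ext_if = "bge0"
int_if = "em0"

# Assumed table of internal hosts that may reach the outside
# (constructed sample contents).
table <lan_hosts> { 192.168.0.0/16 }

# Translation rules are evaluated before filter rules. By the time a
# packet is filtered going out on $ext_if, its source is already the
# address of $ext_if.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny.
block all

# Does NOT work: on $ext_if the source has already been rewritten,
# so it is never in <lan_hosts> and this rule never matches.
# pass out on $ext_if from <lan_hosts> to any keep state

# Works: classify on the internal interface, where the packet still
# carries its original source address, and attach a tag.
pass in on $int_if from <lan_hosts> to any tag LAN_OK keep state

# The tag travels with the packet through translation, so the
# outbound rule matches on the tag instead of the source address.
pass out on $ext_if from any to any tagged LAN_OK keep state
```

The file can be syntax-checked without loading it with `pfctl -nf /etc/pf.conf`.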