You cannot DNAT in outbound, nor can you SNAT on inbound. I have been
asking for the symmetric cases on the OpenBSD pf list, and it's on my
"to do one day" list, but I have no idea when that will become the top
priority (maybe never).
As I understand it, this limitation has to do with the way the TCP/IP
stack works in BSD, particularly vis-a-vis routing. You will note we
don't have an equivalent to the PREROUTING chain, either.
Thanks for the answer!
Then would it be possible to bind the IP to lo0 as an alias, connect to
this IP
and then let the rule rewrite the destination to a other one which lies
on fxp0
directly?
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
