match out on egress inet from vic3:network nat-to (egress:0)

This is the new rule then, as it appears in pfctl -v

match out on egress inet from 10.221.181.0/24 to any nat-to (egress:0) round-robin

vic2 is the only NIC in the egress group in ifconfig.

nc -vv cvs.openbsd.org 25 from 10.221.181.20 does not connect even though there is no block rule now.

2011/10/10 Christiano F. Haesbaert <haesba...@haesbaert.org>:
> On 10 October 2011 15:05, Stefan Midjich <sweh...@gmail.com> wrote:
>> That was from the output of pfctl -vf /etc/pf.conf so it expands the
>> rules and adds all that is implied, like keep state for example.
>>
>
> I think that is not what you want:
> match in on vic3 inet from 10.221.181.0/24 to any label "NATOut"
> nat-to (vic2) round-robin
>
> You want to match packets going out your external interface, and then
> nat-to the external interface address, so try something like:
>
> match out on vic2 inet from 10.221.181.0/24 nat-to (vic2)
>
> Considering vic2 as your external interface.
>

--
Med vänliga hälsningar / With kind regards
Stefan Midjich