Hi,

source-hash gives me a different IP when used in different rules

pass out quick log on $ext_if proto tcp from 10.0.0.1 to 203.0.113.1 port 80 nat-to 192.0.2.0/24 source-hash
pass out quick log on $ext_if proto tcp from 10.0.0.1 to 203.0.113.1 port 443 nat-to 192.0.2.0/24 source-hash

With this I get:

Feb 09 17:32:29.467431 rule 133/(match) pass out on vlanxxx: 192.0.2.1.64386 > 203.0.113.1.80: S 2151338718:2151338718(0) win 14600 <mss 1440,sackOK,timestamp 883937025 0,nop,wscale 9>
Feb 09 17:32:33.464448 rule 134/(match) pass out on vlanxxx: 192.0.2.2.57614 > 203.0.113.1.443: S 2121037714:2121037714(0) win 14600 <mss 1440,sackOK,timestamp 883941022 0,nop,wscale 9>

If I change the firewall rule to:
pass out quick log on $ext_if proto tcp from 10.0.0.1 to 203.0.113.1 port {80, 443} nat-to 192.0.2.0/24 source-hash

although this is evaluated as 2 rules (at least in pfctl -sr), I always get the same IP 192.0.2.1.

Is this normal?

thanks,

Giannis
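An added illustration, not part of Giannis's mail: a conceptual model of how a keyed source hash picks one address out of a nat-to pool, and why the choice depends on the key as much as on the source address. pf.conf(5) states that when source-hash is given without a key, pfctl randomly generates one each time the ruleset is loaded; the model below uses BLAKE2b as a stand-in and does not reproduce pf's actual hash function or pool-mapping code.

```python
import hashlib
import ipaddress
import os


def source_hash_select(src_ip: str, pool: str, key: bytes) -> str:
    """Pick an address from `pool` for `src_ip` using a keyed hash.

    Conceptual model only (not pf's real hash): the keyed hash of the
    source address supplies the host bits, the pool prefix supplies the
    network bits, mirroring `nat-to 192.0.2.0/24 source-hash`.
    """
    net = ipaddress.ip_network(pool, strict=False)
    src = ipaddress.ip_address(src_ip)
    digest = hashlib.blake2b(src.packed, key=key, digest_size=4).digest()
    host_bits = int.from_bytes(digest, "big") & int(net.hostmask)
    return str(ipaddress.ip_address(int(net.network_address) | host_bits))


def map_with_rules(src_ip: str, pool: str, rule_keys: list) -> list:
    """Map one source through several rules, each carrying its own key."""
    return [source_hash_select(src_ip, pool, k) for k in rule_keys]


def demo():
    # Constructed scenario: two separate rules, each getting its own random
    # key (as pfctl does when no key is written), versus two rules that
    # share a single key. Same source, same pool, only the keys differ.
    src, pool = "10.0.0.1", "192.0.2.0/24"
    separate_keys = [os.urandom(16), os.urandom(16)]
    shared_key = os.urandom(16)
    per_rule_keys = map_with_rules(src, pool, separate_keys)
    one_shared_key = map_with_rules(src, pool, [shared_key, shared_key])
    return per_rule_keys, one_shared_key


if __name__ == "__main__":
    per_rule, shared = demo()
    print("independent keys per rule:", per_rule)
    print("one key shared by rules:  ", shared)
```

With independent keys the two mappings usually differ (they coincide only by chance); with one shared key the source always lands on the same pool address.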
