Looking for a bit of clarification on match and nat-to. At one point
(and maybe still so?) nat rules were "first matching" as opposed to
the 'normal' case of "last matching" but match rules are sticky until
overridden.
With:
match out on $ext_if inet from !($ext_if) to any nat-to ($ext_if)
match out on $ext_if inet from $gamer to any nat-to ($ext_if) static-port
Followed by a pass rule:
pass in on $int_if inet proto { tcp, udp } from em0:network
Does the system $gamer (it is a system on the internal network) get
static-port natted? Or should those rules be reordered? Or should
something different be done?
What happens when $gamer wants to use a port that's already in use?
As a note the particular system in question is running an older version:
OpenBSD 5.1-current (GENERIC.MP) #1: Thu May 31 18:31:17 EDT 2012
in case the answer(s) might different.
Thanks,
Chris
