Hi,
Is there a problem with table counters and NAT? I don't have any
counters at all.
I have a table <nat_users> which has counters enabled
# pfctl -sT -v|grep nat_users
--a-r-C nat_users
I also have pf rules that reference this table.
@100 pass out quick on vlan123 inet proto tcp from <nat_users:4> port > 1023 to ! <nat_exclude:5> port > 1023 flags S/SA nat-to xx.xx.xx.xx/29 source-hash 0xkey
I also have states created from this rule
#pfctl -ss -vv|grep "rule 100"
age 04:00:49, expires in 23:59:43, 1150:1431 pkts, 163312:103039 bytes, rule 100
age 04:00:35, expires in 23:53:03, 60:35 pkts, 3266:1980 bytes, rule 100
age 00:06:10, expires in 00:10:00, 15:1 pkts, 4544:60 bytes, rule 100
...
However I don't have counters on the table's entries.
# pfctl -t nat_users -vTshow
yy.yy.yy.1
Cleared: Thu Sep 24 14:13:08 2015
yy.yy.yy.2
Cleared: Thu Sep 24 14:13:08 2015
If I create another table and a normal pf rule (no nat) then I have
counters... as soon as there is traffic matching the rule.
Second question: when is the Cleared time I see above updated, apart from
the initial input of the IP in the table?
Thanks,
Giannis
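As an added example (not part of Giannis's post and not pfctl's own code): a small sh/awk script that parses a saved `pfctl -t <table> -vTshow` dump and reports which entries carry no counter lines at all, which is the symptom described above, and which entries have counters but have never passed a packet. The dump is a constructed sample modelled on pfctl's output layout with placeholder addresses; the column positions are assumed to match the pfctl version in use.

```shell
#!/bin/sh
# Constructed sample of `pfctl -t nat_users -vTshow` output (placeholder
# addresses). 192.0.2.2 shows the symptom from the post: Cleared line only.
SAMPLE='   192.0.2.1
	Cleared:     Thu Sep 24 14:13:08 2015
	In/Block:    [ Packets: 0                  Bytes: 0                  ]
	In/Pass:     [ Packets: 1150               Bytes: 163312             ]
	Out/Block:   [ Packets: 0                  Bytes: 0                  ]
	Out/Pass:    [ Packets: 1431               Bytes: 103039             ]
   192.0.2.2
	Cleared:     Thu Sep 24 14:13:08 2015
   192.0.2.3
	Cleared:     Thu Sep 24 14:13:08 2015
	In/Block:    [ Packets: 0                  Bytes: 0                  ]
	In/Pass:     [ Packets: 0                  Bytes: 0                  ]
	Out/Block:   [ Packets: 0                  Bytes: 0                  ]
	Out/Pass:    [ Packets: 0                  Bytes: 0                  ]'

# Read a -vTshow dump on stdin and print one line per entry:
#   <addr> <in_pass_pkts> <out_pass_pkts> <ok|nocounters>
summarize_table() {
    awk '
    function flush() {
        if (addr != "")
            print addr, inpass, outpass, (seen ? "ok" : "nocounters")
    }
    /^[ \t]*[0-9a-fA-F.:\/]+[ \t]*$/ {   # bare address line: new entry
        flush(); addr = $1; inpass = 0; outpass = 0; seen = 0; next
    }
    /In\/Pass:/        { seen = 1; inpass  = $4 }   # $4 = packet count
    /Out\/Pass:/       { seen = 1; outpass = $4 }
    /\/Block:|\/XPass:/ { seen = 1 }
    END { flush() }
    '
}

# Entries that have no counter lines at all (the case reported in the post)
entries_without_counters() {
    printf '%s\n' "$SAMPLE" | summarize_table | awk '$4 == "nocounters" { print $1 }'
}

# Entries that do have counters but have never passed traffic either way
idle_entries() {
    printf '%s\n' "$SAMPLE" | summarize_table | awk '$4 == "ok" && $2 == 0 && $3 == 0 { print $1 }'
}

printf '%s\n' "$SAMPLE" | summarize_table
```

To check a live table instead of the sample, pipe `pfctl -t nat_users -vTshow` into `summarize_table`.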