On 18/1/25 21:11, louise9...@gmail.com wrote:
> Questions:
> 1. About your match out egress findings, would you recommend I use the
> actual WAN interface instead of egress? For instance match out igc0?
Best to use (egress:0) for this: in the event that your ISP rolls your IP
address without telling you, your NAT will still work. It could look
something like this:
match out on egress inet from !(egress) to any nat-to (egress:0)
> 2. Also is there any other way to do this without the static-port
> option for ALL traffic instead of just for the Xbox? Am I hampering my
> security by doing so?
static-port should be used only for the xbox traffic. The rest of the
traffic can use a separate match out rule:
match out on egress inet from !(egress) to any nat-to (egress:0)
match in on $int_if inet from <xbox> tag myxbox
match out on egress inet nat-to (egress:0) static-port tagged myxbox
All traffic from internal will use the first rule as the third rule will
never match unless it has been tagged because it matched the second rule.
> P.S.: Thank you so much for answering and I appreciate your help and
> kind support!
No worries, glad you got it working. Cheers
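A minimal pf.conf built around the rules from this reply, added here as an example rather than anything either poster wrote; the LAN interface name and the console address are assumptions, and igc0 is the WAN interface mentioned in the question.

```pf
# Added example (not from the original message): a minimal /etc/pf.conf
# around the rules discussed above. Interface names and the Xbox address
# are assumptions; replace them for your own network.
ext_if = "igc0"         # WAN interface; "egress" below is the interface
                        # group pf keeps pointed at the default route
int_if = "em0"          # LAN interface (assumed name)
table <xbox> { 192.168.1.50 }   # constructed address of the console

set skip on lo

# Rule 1: ordinary NAT for everything leaving via the WAN. The parentheses
# make pf re-read the address whenever it changes, so an ISP renumbering
# does not break NAT; ":0" uses only the primary address, not aliases.
match out on egress inet from !(egress) to any nat-to (egress:0)

# Rule 2: tag the console's packets as they arrive on the LAN side.
match in on $int_if inet from <xbox> tag myxbox

# Rule 3: only tagged (console) traffic keeps its source port. pf applies
# the last matching rule, so this overrides rule 1 for tagged packets only;
# every other LAN host still gets randomised source ports from rule 1.
match out on egress inet nat-to (egress:0) static-port tagged myxbox

# Default deny, then allow the LAN out; state entries carry replies back.
block log all
pass in on $int_if inet from $int_if:network to any
pass out on egress inet keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; a LAN host that is not in the table never reaches rule 3, which is the point of scoping static-port by tag.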