On 19.04.2025 19:57, Stuart Henderson wrote:
> However: I don't think it's all that likely to help, I'd expect your
> upstream nat to have already changed the source port...
`quick` comes to mind ofc - and also the fact about "already changed" if
the leet-rule comes first IF `from` is used, mind:
    match out from $mylan to box1337 port 1337 nat-to $whatever_maybe_public_ip port 31337
    match out from $mylan to any nat-to $public_ip # this won't match 1337 packets, since "from" is already mangled
> Also: I don't remember what happens if there's an active PF state already
> using this port - maybe the nat will be ignored, maybe the packet will
> be dropped.
Used is in use and won't be used again - there's a lookup, from what I
recall.
PS: don't forget (this might just be an emitting VM anyway): nat needs
the forwarding sysctl.
--
pb