On 2008-07-09, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> nat on egress proto udp from (self) to any port 53 -> (self)

Thanks to those who pointed out that (self) includes 127.0.0.1, so you don't want to use -> (self); rather, use -> (egress), e.g. "nat on egress proto udp from (self) to any port 53 -> (egress)". If you have a larger address space available you can use more of it, e.g. you can use "{192.0.192.0/24} random" on a firewall in front of name servers.
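
A check for the mistake this message corrects, as an added example that is not part of the original post: it scans pf.conf text for nat rules that translate to (self) and rewrites the target to (egress). The function names and the sample ruleset are constructed for illustration, and the matching covers only the `nat ... -> target` rule form quoted above.

```python
import re

# Constructed sample ruleset for illustration (not from the original post).
SAMPLE_PF_CONF = """\
# randomize source ports of outgoing DNS queries
nat on egress proto udp from (self) to any port 53 -> (self)
nat on egress proto udp from (self) to any port 53 -> (egress)
nat on egress proto udp from (self) \\
    to any port 53 -> self
nat on egress from 10.0.0.0/8 to any -> (egress)  # was -> (self)
"""

# A nat rule whose translation target (the part after "->") is self or (self).
# "from (self)" on the match side is fine and is deliberately not flagged.
NAT_TO_SELF = re.compile(r"^\s*nat\b.*->\s*(\(self\)|self)(?=\s|$)")


def logical_lines(text):
    """Yield (first_line_number, rule) with comments stripped and
    backslash continuations joined into one rule."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None


def find_nat_to_self(text):
    """Return [(line_number, rule)] for nat rules translating to (self)."""
    return [(n, r) for n, r in logical_lines(text) if NAT_TO_SELF.search(r)]


def suggest_fix(rule):
    """Rewrite the translation target to (egress), as the message advises."""
    return re.sub(r"->\s*(\(self\)|self)(?=\s|$)", "-> (egress)", rule)


if __name__ == "__main__":
    for lineno, rule in find_nat_to_self(SAMPLE_PF_CONF):
        print(f"line {lineno}: {rule}\n  suggest: {suggest_fix(rule)}")
```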