Hello Iv've the following problem in PF with NAT / Filtering, OpenBSD 4.4 (-current):
pf nat rule: nat log on bge0 inet from 172.16.12.128/27 tag natted -> 88.82.xx.xx pf filter rule: pass log quick all flags S/SA keep state tagged natted the packed is dropped by my default deny rule (the rule does never match). i think the packet does not get the tag "natted". any ideas? them same thing with rdr rules is woking fine. nat and rdr is done before filtering, right? so if the connection gets natted the tag should be present in the filter section...? (thats what i read in the FAQ) thanks and best regards Marco
