Chris Smith wrote:
> On Wednesday 16 July 2008, Marco Fretz wrote:
>> pf nat rule:
>> nat log on bge0 inet from 172.16.12.128/27 tag natted -> 88.82.xx.xx
>>
>> pf filter rule:
>> pass log quick all flags S/SA keep state tagged natted
>
> FWIW, you no longer need to specify "flags S/SA keep state"
On Wednesday 16 July 2008, Chris Smith wrote:
> > pass log quick all flags S/SA keep state tagged natted
Just to clarify my thinking - the packet has to be passed in before it
can be natted which applies, in your case, the natted tag, changing the
above to a pass out rule and then add a pass in
On Wednesday 16 July 2008, Marco Fretz wrote:
> pf nat rule:
> nat log on bge0 inet from 172.16.12.128/27 tag natted -> 88.82.xx.xx
>
> pf filter rule:
> pass log quick all flags S/SA keep state tagged natted
FWIW, you no longer need to specify "flags S/SA keep state" as it is the
default.
It do
3 matches
Mail list logo
