This actually is a bit of a bother. It does appear that rdr rules are executed before map rules, not in order of appearance.
For example, if you wanted to allow subnet 1.0/24 out without going to a transparent cache, and have all the other networks get cached...

    map fxp1 192.168.1.0/24 -> 0/32
    rdr fxp0 0.0.0.0/0 port 80 -> somecache port 3128 tcp
    map fxp1 192.168.0.0/16 -> 0/32

Would be a simple way I would have thought of doing this; however, the IPs in 1.0/24 still get redirected. In my actual testing it was just to get 2 IPs out of a pool to go through without caching... So I used something like

    map fxp1 192.168.1.200/32 -> 0/32

What is the correct way of doing this?

Thanks
Dave
