On 10 October 2011 15:05, Stefan Midjich <[email protected]> wrote: > That was from the output of pfctl -vf /etc/pf.conf so it expands the > rules and adds all that is implied, like keep state for example. >
I think that is not what you want: match in on vic3 inet from 10.221.181.0/24 to any label "NATOut" nat-to (vic2) round-robin You want to match packets going out your external interface, and then nat-to the external interface address, so try something like: match out on vic2 inet from 10.221/181.0/24 nat-to (vic2) Considering vic2 as your external interface.
