On 2013-09-07, Christopher Zimmermann <madro...@gmerlin.de> wrote: > Hi, > > as far as I understand pf, the following rules should behave exactly > the same: > > pass out log on pppoe0 inet proto udp from mortimer-ipsec port 5061 nat-to > (pppoe0) static-port > and > pass out log on pppoe0 inet proto udp from mortimer-ipsec port 5061 nat-to > (pppoe0) port 5061 > > but they don't: > > rule 98/(match) pass out on pppoe0: 217.190.89.90.56487 > 88.215.213.26.5748: > udp 2048 > resp. > rule 98/(match) pass out on pppoe0: 217.190.89.90.5061 > 62.138.116.3.5748: > udp 2048 > > this is on an OPENBSD_5_4 kernel. > > -- > http://gmerlin.de > OpenPGP: http://gmerlin.de/christopher.pub > 1917 680A 723C BF3D 2CA3 0E44 7E24 D19F 34B8 2A2A > > [demime 1.01d removed an attachment of type application/pgp-signature] > >
The most likely reason for this failing is if you have tried to translate to a port which is already in-use. If "translate" in "pfctl -si" is non-zero, then this has happened.
