Hello,
I encountered a strange problem today on PF. I don't know if this is normal
but the result is illogical.
I have this rule:
pass out quick proto tcp from <all_clients_v4> to port { smtp smtps 587
imap imaps pop3 pop3s } nat-to $natto_iface
Tables contain IPv4 addresses only.
After applying this rule (I added IPv6 support yesterday), those
protocols weren't NAT-ed by PF.
By investigating, I found this:
pfctl -sr | grep nat-to
pass out quick inet6 proto tcp from <all_clients_v4> to any port = 465
flags S/SA nat-to <__automatic_d309aaac_0> round-robin
Then I looked at __automatic_d309aaac_0, because inet6 was strange!
pfctl -t __automatic_d309aaac_1 -T show
2001:660:3bbb:aaaa::2
fe80::92b1:1cad:fe18:ea18
To resolve this problem I added the inet keyword to my rule.
Is this normal? Maybe a fix is required in the pf parser?
Have a nice day
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
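
Added example, not part of the original message: a small Python check for the situation reported above, a nat-to rule loaded with one address family while its source table holds only addresses of the other. The rule lines and table contents are constructed samples in the shape of `pfctl -sr` and `pfctl -t <table> -T show` output, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample in the shape of `pfctl -sr` output (one loaded rule per line).
SAMPLE_RULES = """\
pass out quick inet6 proto tcp from <all_clients_v4> to any port = 465 flags S/SA nat-to <__automatic_d309aaac_0> round-robin
pass out quick inet proto tcp from <all_clients_v4> to any port = 25 flags S/SA nat-to 192.0.2.1
pass in quick inet6 proto tcp from <clients_v6> to any port = 443 flags S/SA
"""

# Constructed table contents, as `pfctl -t NAME -T show` would list them.
SAMPLE_TABLES = {
    "all_clients_v4": ["10.0.0.0/24", "10.0.1.15"],
    "clients_v6": ["2001:db8::/64"],
}

# Address family keyword, source table name, and a nat-to action on the same rule.
RULE_RE = re.compile(r"\b(inet6|inet)\b.*?\bfrom <([^>]+)>.*\bnat-to\b")


def table_families(entries):
    """Return the set of pf address families ('inet', 'inet6') present in a table."""
    families = set()
    for entry in entries:
        net = ipaddress.ip_network(entry.strip(), strict=False)
        families.add("inet" if net.version == 4 else "inet6")
    return families


def find_af_mismatches(rules_text, tables):
    """List (family, table, rule) for nat-to rules whose family has no address in the source table."""
    findings = []
    for line in rules_text.splitlines():
        match = RULE_RE.search(line)
        if not match:
            continue  # not a nat-to rule with an explicit family and a table source
        family, table = match.groups()
        families = table_families(tables.get(table, []))
        # A known, non-empty table with no address of the rule's family can never match.
        if families and family not in families:
            findings.append((family, table, line.strip()))
    return findings


if __name__ == "__main__":
    for family, table, rule in find_af_mismatches(SAMPLE_RULES, SAMPLE_TABLES):
        print(f"{family} rule can never match table <{table}>: {rule}")
```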