On 28 February 2014 10:15, Loïc Blot <[email protected]> wrote:
> Hello,
> I encountered a strange problem today on PF. I don't know if this is normal
> but the result is illogical.
>
> I have this rule:
>
> pass out quick proto tcp from <all_clients_v4> to port { smtp smtps 587
> imap imaps pop3 pop3s } nat-to $natto_iface
>
> Tables contain IPv4 addresses only.
>
> After applying this rule (I added IPv6 support yesterday), those
> protocols weren't NAT-ed by PF.
>
> By investigating, I found this:
>
> pfctl -sr | grep nat-to
>
> pass out quick inet6 proto tcp from <all_clients_v4> to any port = 465
> flags S/SA nat-to <__automatic_d309aaac_0> round-robin
>
> Then I looked at __automatic_d309aaac_0, because inet6 was strange!
>
> pfctl -t __automatic_d309aaac_1 -T show
> 2001:660:3bbb:aaaa::2
> fe80::92b1:1cad:fe18:ea18
>
> To resolve this problem I added the inet keyword to my rule.
>
> Is this normal?

yes, you've got what you've asked for. you should say "pass out quick inet" if you don't want inet6.

> Maybe a fix was required on pf parser?
>
> Have a nice day
>
>
> --
> Best regards,
>
> Loïc BLOT, Engineering
> UNIX Systems, Security and Network Engineer
> http://www.unix-experience.fr

