On 05/06/2014 12:54 PM, Marko Cupać wrote:
> Hi,
>
> with the following two match lines:
>
> match out on $ext_if from 192.168.1.0/24 to any nat-to X.X.X.X
> match out on $ext_if from 192.168.1.55 to any nat-to Y.Y.Y.Y
>
> and the following pass line:
>
> pass in on $int_if inet proto tcp from 192.168.1.55 to any
>
> will the packets be translated to X.X.X.X or Y.Y.Y.Y?
>
> Regards,
>
I think the first thing that happens is that the packet from
192.168.1.55 is let into the router, then the first match rule will be
applied, translating the packet to X.X.X.X, and the second will never match.
A simple way to know is to add 2 rules:
pass log out on $ext_if inet proto tcp from X.X.X.X
pass log out on $ext_if inet proto tcp from Y.Y.Y.Y

then tcpdump -i pflog0.
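
The evaluation order described in the reply above, as an added example that is not part of the original thread and not pf's own code: a simplified Python model in which a nat-to on a match rule takes effect as soon as the rule matches, so later rules compare against the translated source. The NAT addresses are constructed stand-ins for X.X.X.X and Y.Y.Y.Y, and the reordered rule set is a hypothetical variation that goes beyond the case in the thread.

```python
import ipaddress

# Constructed stand-ins for the X.X.X.X / Y.Y.Y.Y placeholders in the thread.
NAT_X = "198.51.100.10"
NAT_Y = "198.51.100.20"


def translate(src, match_rules):
    """Walk 'match out ... nat-to' rules top to bottom.

    Models the behaviour the reply describes: nat-to on a match rule is
    applied as soon as the rule matches, so every later rule is compared
    against the already-translated source address.
    Returns (final source address, indexes of the rules that matched).
    """
    current = ipaddress.ip_address(src)
    hits = []
    for index, (from_net, nat_to) in enumerate(match_rules):
        if current in ipaddress.ip_network(from_net):
            hits.append(index)
            current = ipaddress.ip_address(nat_to)
    return str(current), hits


# Rule order from the original question.
AS_POSTED = [("192.168.1.0/24", NAT_X), ("192.168.1.55/32", NAT_Y)]
# Hypothetical reordering (assumption): host-specific rule first.
SPECIFIC_FIRST = [("192.168.1.55/32", NAT_Y), ("192.168.1.0/24", NAT_X)]


def report():
    """Translate two sample hosts under both rule orders."""
    rows = []
    for name, rules in (("as posted", AS_POSTED),
                        ("specific first", SPECIFIC_FIRST)):
        for src in ("192.168.1.55", "192.168.1.20"):
            rows.append((name, src) + translate(src, rules))
    return rows


if __name__ == "__main__":
    for name, src, out, hits in report():
        print(f"{name:15} {src:13} -> {out:14} matched rules {hits}")
```

In the model, the rule order as posted sends 192.168.1.55 out as the first address and the host rule is never hit; the logged pass rules and tcpdump on pflog0 from the reply are the way to confirm this on a real ruleset.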