* Marko Cupać <marko.cu...@mimar.rs> [2014-05-06 12:55]:
> Hi,
> 
> with the following two match lines:
> 
> match out on $ext_if from 192.168.1.0/24 to any nat-to X.X.X.X
> match out on $ext_if from 192.168.1.55 to any nat-to Y.Y.Y.Y
> 
> and the following pass line:
> 
> pass in on $int_if inet proto tcp from 192.168.1.55 to any
> 
> will the packets be translated to X.X.X.X or Y.Y.Y.Y?

Unable to say without knowing X.X.X.X.
Packets hitting the first rule will get their src rewritten to
X.X.X.X.
If X.X.X.X happens to be 192.168.1.55, these packets will match your
second match rule; if X.X.X.X is anything else, they won't.
If Y.Y.Y.Y happens to be 192.168.1.55, these packets will match the
pass rule, otherwise they won't.

I'm really saying here that rewrites are applied immediately (hurts a
little to say that since I know the internals, but that's what the
user visible side is).

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
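
The user-visible behaviour described in the reply above, as an added example that is not part of the original message and is not pf's own code: a small Python model in which each `match ... nat-to` rule rewrites the source immediately, so later rules are compared against the rewritten address. The `MatchRule` class, the `evaluate` function and the addresses standing in for X.X.X.X and Y.Y.Y.Y (203.0.113.10 and 203.0.113.20) are assumptions made for illustration; only the two `match out on $ext_if` rules are modelled, not the `pass in` rule.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class MatchRule:
    src: str     # source address or network the rule matches on
    nat_to: str  # address the source is rewritten to on a hit

def evaluate(rules, src):
    """Walk the match rules top to bottom, rewriting the source on every hit.

    Returns (final source address, indices of the rules that matched).
    Simplified model: interface, direction and destination are ignored.
    """
    cur = ipaddress.ip_address(src)
    hits = []
    for i, rule in enumerate(rules):
        if cur in ipaddress.ip_network(rule.src):
            cur = ipaddress.ip_address(rule.nat_to)  # rewrite applies immediately
            hits.append(i)
    return str(cur), hits

# Constructed stand-ins for the elided addresses in the question.
X = "203.0.113.10"
Y = "203.0.113.20"

# Rule order as posted: the /24 rule first, the host rule second.
ORIGINAL = [MatchRule("192.168.1.0/24", X), MatchRule("192.168.1.55", Y)]

# The corner case from the reply: X.X.X.X happens to be 192.168.1.55.
X_IS_55 = [MatchRule("192.168.1.0/24", "192.168.1.55"),
           MatchRule("192.168.1.55", Y)]

# Host rule first: in this model the /24 rule then sees Y and no longer matches.
SWAPPED = [MatchRule("192.168.1.55", Y), MatchRule("192.168.1.0/24", X)]

if __name__ == "__main__":
    for name, rules, src in [("original", ORIGINAL, "192.168.1.55"),
                             ("X is .55", X_IS_55, "192.168.1.7"),
                             ("swapped", SWAPPED, "192.168.1.55"),
                             ("swapped", SWAPPED, "192.168.1.7")]:
        final, hits = evaluate(rules, src)
        print(f"{name:9} {src:13} -> {final:13} matched rules {hits}")
```
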
