On Thu, Jun 26, 2014 at 07:34:05PM +0900, Tuyosi Takesima wrote: > I pick > ------------------------------ > # match rules > match out on egress inet from !(egress:network) to any nat-to (egress:0) > ------------------------------- > from http://www.openbsd.org/faq/pf/example1.html > > But, this match rules don't work . > > accordin to man pf.conf > 10.0.0.0 - 10.255.255.255 (all of net 10, i.e. 10/8) > 172.16.0.0 - 172.31.255.255 (i.e. 172.16/12) > 192.168.0.0 - 192.168.255.255 (i.e. 192.168/16) > nat-to is usually applied outbound. If applied inbound, nat-to > to a local IP address is not supported.
In general, nat-to is used for outbound, rdr-to for inbound. I don't understand what you are trying to achieve. I suggest you study the FAQ. http://www.openbsd.org/faq/pf/config.html -Otto
