> > > does it work when you put - inet alias X.X.X.Y 255.255.255.255 ?
> >
> > unfortunately not. It's the same effect as with 255.255.255.224: working
> > locally on the subnet, but not when routing is involved.
> > Thanks anyway for this idea!
>
> Guess I was too fast! After a few minutes it was working (did not do anything
> in the meantime!).
> The fun fact: I did a reboot with the .224 netmask in the file enabled again
> and it also worked. This is weird, maybe someone could explain this (why the
> .255 netmask?) to me, I have no clue why this now works and what causes this
> behaviour.
>
This is weird. I was too fast again. Something is really strange here.

It is working on incoming stuff, e.g. also in pf on rules like
"pass in quick inet proto tcp from any to X.X.X.Y port 4422 rdr-to 192.168.1.3 port 22".

However, outgoing is not working.
"pass out quick from 192.168.1.3 to any nat-to X.X.X.Y" is NOT WORKING,
but when I use the main IP address X.X.X.X it is working.

Now the weird part: As soon as I remove any alias in the
/etc/hostname.vether0 and fire up
"ifconfig vether0 inet alias X.X.X.Y netmask 255.255.255.224",
the pf rules work as expected, supporting nat-to with any of the firewall's
external IP addresses.

Could this be a bug? Any further enlightenment would be highly appreciated,
thanks!

