Interesting. I did a few tests now, and here are the results.

This doesn't map ports statically on 6.2 but does on 5.9:
pass out from 10.11.12.13 to any nat-to 1.2.3.4 static-port

This works fine:
pass out quick from 10.11.12.13 to any nat-to 1.2.3.4 static-port

This works fine too:
match out from 10.11.12.13 to any nat-to 1.2.3.4 static-port

Martin


On Mon, Jan 22, 2018 at 8:23 PM, Michael Price <[email protected]> wrote:
> It appears to be working on two boxes I checked using a match out rule. I’m
> not using a binat-to line.
>
> Michael
>
> On Mon, Jan 22, 2018 at 10:49 AM Martin Hlavatý <[email protected]> wrote:
>>
>> Hello everyone,
>> in December I upgraded from 5.9 to 6.2 (including 6.0 and
>> 6.1) and shortly after that a few customers contacted me
>> that they are getting nat type 3 on their xbox\playstation.
>> When doing some investigation, I noticed that binat-to
>> rules have static-port specified, but looking into states
>> table, they were actually not mapped statically. Failing
>> over to backup box still running 5.9 with identical ruleset,
>> ports are actually mapped statically and online gaming
>> on consoles works fine.
>>
>> I tried to do some investigation, but am not aware of any
>> change in pf syntax. So wondering if anyone would be
>> able to confirm this behavior?
>>
>> this is in rules:
>>
>>   pass out inet from 10.11.12.13 to any flags S/SA nat-to 5.6.7.8 static-port
>>   pass in inet from any to 5.6.7.8 flags S/SA rdr-to 10.11.12.13
>>
>> and example of states:
>>
>> all udp 5.6.7.8:65350 (10.11.12.13:3074) -> 52.166.52.75:1986 MULTIPLE:MULTIPLE
>> all tcp 5.6.7.8:63203 (10.11.12.13:38010) -> 31.13.91.33:443 ESTABLISHED:ESTABLISHED
>> all tcp 5.6.7.8:59711 (10.11.12.13:42530) -> 74.125.133.188:5228 ESTABLISHED:ESTABLISHED
>>
>>
>>
>> Regards,
>> Martin
>>
>
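
Added example, not part of the thread or of pf itself: a small check that reads state lines in the format quoted above and reports every translated state of one internal host whose source port was rewritten, which is the symptom described when static-port is not honoured. The function names, the 192.0.2.x peers and the last two sample lines are constructed for illustration; only IPv4 "addr:port" entries are handled.

```shell
#!/bin/sh
# Added example (not from the thread): list pf states whose translated
# source port differs from the original, i.e. static-port did not apply.

# check_static_port INTERNAL_IP
# stdin:  state lines, one per line, as in the thread's state listing
# stdout: "proto original_port translated_port peer" per rewritten state
check_static_port() {
    awk -v host="$1" '
    # Translated states show the pre-NAT address in parentheses (field 4).
    $4 ~ /^\(.*\)$/ {
        orig = substr($4, 2, length($4) - 2)    # drop "(" and ")"
        n = split(orig, o, ":")
        m = split($3, t, ":")
        # Assumption: IPv4 "addr:port" form only; skip anything else.
        if (n != 2 || m != 2 || o[1] != host) next
        if (o[2] != t[2]) print $2, o[2], t[2], $6
    }'
}

# Sample input: first two lines are from the thread; the last two are
# constructed (a port-preserving state and an untranslated state).
sample_states() {
    cat <<'EOF'
all udp 5.6.7.8:65350 (10.11.12.13:3074) -> 52.166.52.75:1986 MULTIPLE:MULTIPLE
all tcp 5.6.7.8:63203 (10.11.12.13:38010) -> 31.13.91.33:443 ESTABLISHED:ESTABLISHED
all udp 5.6.7.8:3074 (10.11.12.13:3074) -> 192.0.2.10:3074 MULTIPLE:MULTIPLE
all tcp 10.11.12.13:22 <- 192.0.2.20:50000 ESTABLISHED:ESTABLISHED
EOF
}

sample_states | check_static_port 10.11.12.13
```

On the firewall, live states can be fed in with `pfctl -ss | check_static_port 10.11.12.13`; empty output means every translated state for that host kept its source port.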
