On 2007/08/21 11:26, Chris Smith wrote:
>
> Interfaces and gateways (att is default route and does work always
"Since translation occurs before filtering the filter engine will see
packets as they look after any addresses and ports have been translated."
Conversely, the translation rules see the packets *before* the route-to
has taken place, i.e. on $att_if, not the other interfaces.
e.g.
nat on $att_if from $xxx_net -> $xxx_ip
nat on $att_if from $yyy_net -> $yyy_ip
pass out on $att_if route-to ($xxx_route) from $xxx_ip
pass out on $att_if route-to ($yyy_route) from $yyy_ip
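
A simplified model of the ordering described in this reply, added here as an illustration and not code from the thread: translation is evaluated on the default-route interface, then the filter rule matches the translated source and applies route-to. The interface names, addresses and function names are constructed assumptions, and the second NAT rule set is a constructed contrast case.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: made-up interface names, documentation/private addresses.
ATT_IF, XXX_IF = "att0", "xxx0"
XXX_NET = ipaddress.ip_network("10.1.0.0/24")
XXX_IP = ipaddress.ip_address("198.51.100.10")

@dataclass
class Packet:
    src: ipaddress.IPv4Address
    ifname: str  # interface the packet is currently leaving on

def nat_step(pkt, nat_rules):
    # Translation runs first, on the interface the routing table chose.
    for on_if, from_net, to_ip in nat_rules:
        if pkt.ifname == on_if and pkt.src in from_net:
            pkt.src = to_ip
            break  # first matching nat rule wins
    return pkt

def filter_step(pkt, pass_rules):
    # Filtering runs second and compares against the translated source.
    route_if = None
    for on_if, from_ip, to_if in pass_rules:
        if pkt.ifname == on_if and pkt.src == from_ip:
            route_if = to_if  # last matching filter rule wins
    if route_if is not None:
        pkt.ifname = route_if  # route-to moves the packet only now
    return pkt

def send(src, nat_rules, pass_rules):
    pkt = Packet(ipaddress.ip_address(src), ATT_IF)  # default route is att
    pkt = filter_step(nat_step(pkt, nat_rules), pass_rules)
    return str(pkt.src), pkt.ifname

PASS_RULES = [(ATT_IF, XXX_IP, XXX_IF)]   # pass out on $att_if route-to ... from $xxx_ip
NAT_ON_ATT = [(ATT_IF, XXX_NET, XXX_IP)]  # nat on $att_if from $xxx_net -> $xxx_ip
NAT_ON_XXX = [(XXX_IF, XXX_NET, XXX_IP)]  # constructed contrast: nat bound to $xxx_if

if __name__ == "__main__":
    print(send("10.1.0.5", NAT_ON_ATT, PASS_RULES))
    print(send("10.1.0.5", NAT_ON_XXX, PASS_RULES))
```

With the NAT rule bound to the other interface, the packet is never translated, so the route-to rule keyed on the translated address never matches and the packet leaves on the default route with its original source.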