Hi,
I think this is a pf bug.
Short description:
internal interface with two different IPs in two different LANs:
192.168.20.254/24
192.168.21.254/24
They're used as gateways for the two LANs.
NAT rules: every 10 IPs use a different public IP.
Everything works fine for the first LAN; with the second one, pf doesn't
match the right rule (1) but a similar rule for the other LAN (2).
This is only true for NAT RULES; if I use a similar rule for filtering
(3, 4), they perfectly match the right one.
(1)
nat on $ext_if from $lan_pri_01 -> $ip_pub_01
(2)
nat on $ext_if from $lan_pri_26 -> $ip_pub_26
(3)
pass in log quick on {192.168.20.254} from 192.168.20.0/24 to any flags S/SA keep state
(4)
pass in log quick on {192.168.21.254} from 192.168.21.0/24 to any flags S/SA keep state
lan_pri_01="{ 192.168.20.01 - 192.168.20.10 }"
lan_pri_26="{ 192.168.21.01 - 192.168.21.10 }"
It seems the nat rule uses only the last octet to match it.
Thanks in advance.
--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/
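
The two source groups from the post rewritten as explicit CIDR lists, as an added example that is not part of the original message: it lets the same NAT rules be written without the `first - last` range form and confirms that the two groups do not overlap as full addresses even though their last octets are identical. The function names are hypothetical, and whether this form changes pf's NAT matching is an assumption the post does not settle.

```python
import ipaddress

def normalize(addr):
    """Parse a dotted quad, dropping zero padding ("192.168.20.01" -> .1).

    Recent Python versions reject zero-padded octets because some parsers
    read them as octal; the only padded octet in the post is "01", which
    is 1 in either base.
    """
    return ipaddress.IPv4Address(".".join(str(int(o, 10)) for o in addr.split(".")))

def range_to_cidrs(first, last):
    """Smallest list of CIDR prefixes covering first..last inclusive."""
    nets = ipaddress.summarize_address_range(normalize(first), normalize(last))
    return [str(n) for n in nets]

def macro_line(name, first, last):
    """Render a pf.conf macro holding the range as a braced CIDR list."""
    return '%s="{ %s }"' % (name, ", ".join(range_to_cidrs(first, last)))

def groups_overlap(range_a, range_b):
    """True if any address belongs to both ranges (all 32 bits compared)."""
    nets_a = [ipaddress.ip_network(c) for c in range_to_cidrs(*range_a)]
    nets_b = [ipaddress.ip_network(c) for c in range_to_cidrs(*range_b)]
    return any(a.overlaps(b) for a in nets_a for b in nets_b)

# The two ranges exactly as given in the post.
GROUPS = {
    "lan_pri_01": ("192.168.20.01", "192.168.20.10"),
    "lan_pri_26": ("192.168.21.01", "192.168.21.10"),
}

if __name__ == "__main__":
    for name, (first, last) in GROUPS.items():
        print(macro_line(name, first, last))
    print("overlap:", groups_overlap(GROUPS["lan_pri_01"], GROUPS["lan_pri_26"]))
```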