I plain don't understand your problem, nor was it clear was yur question actually was.
* Rod Whitworth <[email protected]> [2010-05-12 11:39]: > >maybe the idea was that it's simpler to write pass/block rules for your > >traffic, then just match the nat stuff. i don;t know. > And neither does anyone else who hangs out here, it seems. pass / block and match nat-to afterwards works fine. so does doing that very same match nat-to beforehands. so does doing the nat-to on the pass rules. -- Henning Brauer, [email protected], [email protected] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
