For reasons I won't go into, I have a dedicated ethernet link to a device that does not do ARP for some IP addresses. As a result, when it sends packets toward my machine, they get tagged with a destination MAC address of ff:ff:ff:ff:ff:ff. Changing the behavior of this device isn't possible for my purposes.
With one of these non-ARPed addresses attached to my outside interface, and a pf rule such as pass out log-all on $ext_if from $problem_addr to any keep state, communications from the local machine work exactly as expected.
However, nat on $ext_if from $int_test to any -> $problem_addr does not.
$int_if: mac mac: $int_test > $remote: icmp echo request
pfsync0: insert state: icmp $int_test -> $problem_addr -> $remote
pflog0: pass out on $ext_if: $problem_addr > $remote: icmp echo request
$ext_if: mac mac: $problem_addr > $remote: icmp echo request
$ext_if: mac broadcast: $remote > $problem_addr: icmp echo reply
pflog0: pass in on $ext_if: $remote > $problem_addr: icmp echo reply
...and that's the last I see of it. This is from a -current snapshot, early March.
Where did my packet go?
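As an added example (not part of the original post), the following Python script reads a trace in the same shape as the one above, flags frames that arrived as link-layer broadcast while carrying a unicast IP destination, and uses the pfsync "insert state" line's original -> translated -> remote mapping to report the last point at which the NAT reply was seen and whether it ever reached the original internal host. The interface names, addresses and trace lines are constructed for this example; the trace keeps the post's abbreviated "mac mac:" / "mac broadcast:" link-layer notation.

```python
import re
import ipaddress

# Constructed sample trace in the shape of the post's hand-transcribed capture.
# Interfaces (em0 outside, em1 inside) and RFC 5737 addresses are invented.
SAMPLE_TRACE = """\
em1: mac mac: 192.0.2.10 > 198.51.100.5: icmp echo request
pfsync0: insert state: icmp 192.0.2.10 -> 203.0.113.7 -> 198.51.100.5
pflog0: pass out on em0: 203.0.113.7 > 198.51.100.5: icmp echo request
em0: mac mac: 203.0.113.7 > 198.51.100.5: icmp echo request
em0: mac broadcast: 198.51.100.5 > 203.0.113.7: icmp echo reply
pflog0: pass in on em0: 198.51.100.5 > 203.0.113.7: icmp echo reply
"""

# A packet line is either a raw interface capture ("mac <mac|broadcast>:")
# or a pflog line ("pass <in|out> on <iface>:"), followed by the IP summary.
PKT_RE = re.compile(
    r"^(?P<iface>\S+): "
    r"(?:mac (?P<lldst>mac|broadcast): |pass (?P<dir>in|out) on (?P<pfif>\S+): )"
    r"(?P<src>[\d.]+) > (?P<dst>[\d.]+): (?P<desc>.+)$"
)
# pfsync state insertion: original source -> translated source -> remote.
STATE_RE = re.compile(
    r"^pfsync0: insert state: (?P<proto>\w+) "
    r"(?P<orig>[\d.]+) -> (?P<nat>[\d.]+) -> (?P<dst>[\d.]+)$"
)


def parse_trace(text):
    """Split a trace into packet records and NAT state records."""
    packets, states = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PKT_RE.match(line)
        if m:
            packets.append(m.groupdict())
            continue
        m = STATE_RE.match(line)
        if m:
            states.append(m.groupdict())
    return packets, states


def link_broadcast_mismatches(packets, local_nets=()):
    """Frames received as link-layer broadcast whose IP destination is unicast.

    local_nets lists directly attached networks so that directed broadcasts
    (e.g. 198.51.100.255 on 198.51.100.0/24) are not reported as anomalies.
    """
    nets = [ipaddress.ip_network(n) for n in local_nets]
    limited = ipaddress.ip_address("255.255.255.255")
    found = []
    for p in packets:
        if p["lldst"] != "broadcast":
            continue
        dst = ipaddress.ip_address(p["dst"])
        if dst == limited or any(dst == n.broadcast_address for n in nets):
            continue
        found.append((p["iface"], p["src"], p["dst"], p["desc"]))
    return found


def trace_nat_reply(packets, states):
    """For each NAT state, list where the reply was seen and whether it was
    ever delivered (seen on a real interface) to the original inside host."""
    results = []
    for s in states:
        hops = []
        for p in packets:
            if p["src"] != s["dst"] or p["dst"] not in (s["nat"], s["orig"]):
                continue
            if p["lldst"]:
                hops.append(p["iface"] + (" [link-layer broadcast]"
                                          if p["lldst"] == "broadcast" else ""))
            else:
                hops.append(f"{p['iface']} ({p['dir']} on {p['pfif']})")
        delivered = any(p["src"] == s["dst"] and p["dst"] == s["orig"] and p["lldst"]
                        for p in packets)
        results.append({"orig": s["orig"], "nat": s["nat"], "remote": s["dst"],
                        "reply_hops": hops, "delivered": delivered})
    return results


if __name__ == "__main__":
    pkts, sts = parse_trace(SAMPLE_TRACE)
    for hit in link_broadcast_mismatches(pkts, local_nets=["198.51.100.0/24"]):
        print("unicast IP inside link-layer broadcast:", hit)
    for r in trace_nat_reply(pkts, sts):
        print(f"reply {r['remote']} -> {r['nat']} (-> {r['orig']}): "
              f"seen at {r['reply_hops']}, delivered={r['delivered']}")
```

Run against the sample, the script reports the echo reply as a unicast IP packet carried in a broadcast frame and shows that it was last seen at pflog0 on the outside interface, never on the inside one, which is exactly the gap the post describes.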
