> Does anyone know if this is an issue with 3.1 or have I misunderstood
> something? Will a route-to ignore nat rules?

You remember that NAT rules are ALWAYS evaluated before filter rules, right?

Quote from http://www.openbsd.org/cgi-bin/man.cgi?query=nat.conf&apropos=0&sektion=0&manpath=OpenBSD+3.1&arch=i386&format=html

    Also note that all translations of packets occur before the filter
    rules in pf.conf(5) are evaluated. Hence, 'pass in' rules for
    redirected packets should specify the address/port after translation.

Your packets from 1.2.3.4 first have their source addresses changed to rl2. This means that, since their source addresses are no longer 1.2.3.4, your second rule never matches.
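
The ordering described in this reply, as an added example that is not part of the original message and is not pf's own code: a simplified Python model that applies translation first and then evaluates filter rules with last-match-wins. The rl2 address 192.0.2.1, the destination address and the rule names are constructed; only 1.2.3.4 comes from the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str

@dataclass
class NatRule:
    match_src: str   # source network that gets rewritten
    new_src: str     # address the source is rewritten to

@dataclass
class FilterRule:
    name: str
    action: str      # "pass" or "block"
    match_src: str   # "any", an address, or a network

def in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def translate(pkt, nat_rules):
    # The first matching nat rule rewrites the source address.
    for rule in nat_rules:
        if in_net(pkt.src, rule.match_src):
            return Packet(rule.new_src, pkt.dst)
    return pkt

def evaluate(pkt, nat_rules, filter_rules):
    # Translation happens BEFORE filtering, so the filter rules only
    # ever see the translated source address.
    seen = translate(pkt, nat_rules)
    matched = None
    for rule in filter_rules:          # last matching rule wins
        if in_net(seen.src, rule.match_src):
            matched = rule
    name = matched.name if matched else None
    action = matched.action if matched else "pass"
    return seen.src, name, action

RL2_ADDR = "192.0.2.1"                 # constructed stand-in for rl2's address
NAT = [NatRule("1.2.3.4", RL2_ADDR)]
BLOCK_ALL = FilterRule("default-block", "block", "any")
# Written against the pre-translation source: never matches once NAT applies.
BROKEN = [BLOCK_ALL, FilterRule("pass-original", "pass", "1.2.3.4")]
# Written against the post-translation source, as the man page advises.
FIXED = [BLOCK_ALL, FilterRule("pass-translated", "pass", RL2_ADDR)]

if __name__ == "__main__":
    pkt = Packet("1.2.3.4", "198.51.100.7")   # constructed destination
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, evaluate(pkt, NAT, rules))
```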
