On Sunday, July 27, 2003 9:54 AM, Daniel Melameth wrote:
>>>>> The following snippets DO NOT work fine under 3.3 stable (on a
>>>>> similar machine):
>>>>
>>>>> nat on $ext inet proto udp from $ipp port = 5004 to $ipc -> $ext port 5004
>>>>> nat on $ext inet proto udp from $ipp port = 5567 to $ipc -> $ext port 5567
>>>>
>>>>> # pfctl -s all
>>>>> ...
>>>>> nat on ep1 inet proto udp from 172.30.0.127 port = 5004 to 191.255.255.1 -> 223.255.255.1 port 5004:35859
>>>>> nat on ep1 inet proto udp from 172.30.0.127 port = 5567 to 191.255.255.1 -> 223.255.255.1 port 5567:48917
>>>>
>>>> Did you upgrade pfctl too? It had a bug that caused it to set the
>>>> second port incorrectly.
>>>
>>> As far as I can tell I did both userland and the kernel via CVS.
>>
>> Ah, turns out this is a different bug. It's been fixed in -current,
>> but hasn't reached -stable. Yet. Again. Does someone not like Ryan
>> McBride's patches? :)
>>
>> http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/parse.y.diff?r1=1.373&r2=1.374
>
> Ah. I missed this one... Does look like a fine stable candidate
> though...
>
>>>> For what you're doing, using the static-port option instead of a
>>>> specific port should also work.
>>>
>>> I'm not familiar with this, would you please give me an example?
>>
>> nat on $ext inet proto udp from $ipp port = 5004 to $ipc -> $ext static-port
>>
>> This option causes nat to keep the source port the same, instead of
>> rewriting it as usual.
>
> Appears less complex and exactly what I need (perhaps this is what I should
> have used initially)... I will give this a shot when I am onsite next
> and report on the results.

This did the trick! Thanks Trevor!
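
Added example, not part of the original thread: a shell check over `pfctl -s nat` output that flags loaded nat rules whose translation port came out as a range, as in the 5004:35859 output quoted above. The function names and the third sample rule are constructed for illustration, and the check assumes the ruleset is meant to contain only single-port or static-port translations (a deliberate range such as 1024:65535 would also be reported).

```shell
#!/bin/sh
# Intended use on the firewall (assumption): pfctl -s nat | check_nat_ports

# Reads loaded rules on stdin, prints one "RANGE lo:hi: <rule>" line for each
# nat rule whose translation part (after "->") holds a port range with
# differing bounds. Returns 1 if any such rule was seen, 0 otherwise.
check_nat_ports() {
    awk '
    $1 == "nat" {
        # Find the "->" token; only fields after it describe the translation,
        # so the source-side "port = 5004" match is never inspected.
        arrow = 0
        for (i = 1; i <= NF; i++) if ($i == "->") { arrow = i; break }
        if (!arrow) next
        for (i = arrow + 1; i < NF; i++) {
            if ($i != "port") continue
            n = split($(i + 1), p, ":")
            if (n == 2 && p[1] != p[2]) {
                printf "RANGE %s: %s\n", $(i + 1), $0
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    '
}

# Sample input: the first two rules are the pfctl output quoted in the thread;
# the third is constructed to show the static-port form of the same rule.
sample_rules() {
    cat <<'EOF'
nat on ep1 inet proto udp from 172.30.0.127 port = 5004 to 191.255.255.1 -> 223.255.255.1 port 5004:35859
nat on ep1 inet proto udp from 172.30.0.127 port = 5567 to 191.255.255.1 -> 223.255.255.1 port 5567:48917
nat on ep1 inet proto udp from 172.30.0.127 port = 5004 to 191.255.255.1 -> 223.255.255.1 static-port
EOF
}

# Stand-alone run: report the two mis-loaded rules from the sample.
sample_rules | check_nat_ports || echo "review the nat rules listed above"
```

Running the check after each `pfctl` load catches the case where the rules in pf.conf look right but the loaded ruleset translates to a different port than intended.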
