On Fri, Nov 05, 2004 at 04:34:25PM -0800, Brian Street wrote: > > On Friday, November 5, jared wrote: > > > > nat on $ext_if_sbc from $lan_net to any -> ($ext_if_sbc) > > nat on $ext_if_rcn from $lan_net to any -> ($ext_if_rcn) > > this second nat line isn't ever going to be evaluated by a packet > seen, as nat rules are first-match: > > ---pf.conf(5)--- > For each packet processed by the translator, the translation rules are > evaluated in sequential order, from first to last. The first matching > rule decides what action is taken. > ----------------. > > I'm sorry if I don't understand, but seems to me that if the traffic is > coming in on the rcn line then the first rule (sbc line) has no effect and > traffic is passed to the next rule for processing.
ohohoh, this is my fault for not reading well enough. didn't catch that those two lines were on two different ifaces ( $ext_if_sbc looking characterally similar to $ext_if_rcn ) ignore that comment i made then, as it's N/A :P jared -- [ openbsd 3.6 GENERIC ( oct 12 ) // i386 ]
