On Wed, Apr 02, 2008 at 04:27:17PM -0700, Adam Richards wrote: > While I'd prefer a "yes pf can do this" answer, I will accept a > "no...but here are the code sections you'll want to look at to > start your patch work" answer. ;)
No, pf can't do it. Not because it's technically impossible or unreasonable, it's just not a typical use case. For most users, routable address space is a scarcer resource than RAM for state table entries (they have much less external IP addresses than internal ones). Take a look at pf.c, you probably have to add some short-circuit to pf_test_state_*(). Instead of looking up the state entry, simply do the address mapping. Or maybe fiddle with the state lookup, so it returns a static state entry with the fields filled out correctly for the mapping. It's probably not trivial. Good luck ;) Daniel