On 03:14:10 Dec 22, Mikolaj Kucharski wrote:
> Hi,
>
> # echo binat on wi0 inet proto '{' tcp udp icmp '}' \
>     from 192.168.100.2 to any '->' 192.168.15.103 | pfctl -f -
> # pfctl -sn
> binat on wi0 inet proto tcp from 192.168.100.2 to any -> 192.168.15.103
> # sysctl -n kern.version
> OpenBSD 4.2-current (GENERIC) #599: Fri Dec 14 17:13:48 MST 2007
>     [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
>
> I didn't work with PF for a long time, so maybe I'm missing something, but
> is this behaviour correct? Could someone more experienced comment on
> this? TIA

I am no authority but looking at the grammar section in pf.conf(5), I
would guess that it is correct behavior.

    nat-rule   = [ no ] nat [ pass [ log [ ( logopts ) ] ] ]
                 [ on ifspec ] [ af ]
                 [ protospec ] hosts [ tag string ] [ tagged string ]
                 [ -> ( redirhost | { redirhost-list } )
                 [ portspec ] [ pooltype ] [ static-port ] ]

    binat-rule = [ no ] binat [ pass [ log [ ( logopts ) ] ] ]
                 [ on interface-name ] [ af ]
                 [ proto ( proto-name | proto-number ) ]
                 from address [ / mask-bits ] to ipspec
                 [ tag string ] [ tagged string ]
                 [ -> address [ / mask-bits ] ]

    rdr-rule   = [ no ] rdr [ pass [ log [ ( logopts ) ] ] ]
                 [ on ifspec ] [ af ]
                 [ protospec ] hosts [ tag string ] [ tagged string ]
                 [ -> ( redirhost | { redirhost-list } )
                 [ portspec ] [ pooltype ] ]

You can see that there is no 'protospec' token in binat-rule.
-Girish
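
An added example, not part of the original thread: in the post, pfctl accepted the brace list without complaint and the loaded rule kept only tcp, so a ruleset review should flag binat rules written with a proto list. The sketch below does that for pf.conf text; the sample ruleset, the function names and the per-protocol rewrite it proposes are assumptions made for illustration.

```python
import re

# Constructed sample ruleset; addresses reuse the ones quoted in the post.
SAMPLE = r"""
# constructed example
binat on wi0 inet proto { tcp udp icmp } \
    from 192.168.100.2 to any -> 192.168.15.103
binat on wi0 inet proto tcp from 192.168.100.3 to any -> 192.168.15.104
nat on wi0 inet proto { tcp, udp } from 192.168.100.0/24 to any -> (wi0)
binat on wi0 from 192.168.100.5 to any -> 192.168.15.105
"""

BINAT = re.compile(r"^(?:no\s+)?binat\b")
PROTO_LIST = re.compile(r"\bproto\s*\{([^}]*)\}")

def logical_rules(text):
    """Yield (first line number, rule) with comments dropped and backslash
    continuations joined. Simplification: '#' inside quotes is not handled."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = n if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None

def binat_proto_lists(text):
    """Return (line, protocols, candidate rules) for every binat rule whose
    proto is a { list } with more than one entry."""
    findings = []
    for lineno, rule in logical_rules(text):
        m = PROTO_LIST.search(rule) if BINAT.match(rule) else None
        protos = re.split(r"[\s,]+", m.group(1).strip()) if m else []
        if len(protos) > 1:
            # Candidate rewrite (assumption: one binat rule per protocol is
            # what the author intended); check it with `pfctl -n -f`.
            split = [PROTO_LIST.sub("proto " + p, rule, count=1) for p in protos]
            findings.append((lineno, protos, split))
    return findings

if __name__ == "__main__":
    for lineno, protos, split in binat_proto_lists(SAMPLE):
        print(f"line {lineno}: binat with proto list {protos}")
        print("\n".join("  " + r for r in split))
```

The nat rule in the sample is not flagged, because nat-rule and rdr-rule take a protospec in the grammar quoted above.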