Not the most precise description I see - pe...@bsdly.net (Peter N. M. Hansteen) writes:
> match out log on $ext_if inet nat-to ($ext_if) > > AFter upgrading, this was loaded as > > match out log on $ext_if inet nat-to $ext_addr round-robin Actually match out log on $ext_if inet nat-to $ext_if round-robin was the result, but this part is accurate: > - meaning that return traffic wasn't necessarily seen. > > Changing the rule to > > match out log on $ext_if inet nat-to $ext_addr where $ext_addr is defined as the IPv4 address, > restored the config to a working state. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.