Ryan McBride <mcbr...@openbsd.org> writes:

>> match out log on xl0 inet all nat-to (xl0) round-robin
>
> This part of the behaviour is normal and has not changed (since the
> commit below, I believe). On 4.9 I get the following:
>
> i386-49$ echo "pass out on egress nat-to (egress)" | pfctl -vnf -
> pass out on egress all flags S/SA keep state nat-to (egress) round-robin
> i386-49$
>
> The interface may have more than one address...

That's probably just me not noticing, but the odd part is that while
this interface has several addresses, it only has one IPv4 address:

peter@skapet:~$ ifconfig xl0
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:50:da:21:cb:c9
	priority: 0
	groups: egress
	media: Ethernet autoselect (100baseTX full-duplex)
	status: active
	inet 213.187.179.198 netmask 0xfffffffc broadcast 213.187.179.199
	inet6 fe80::250:daff:fe21:cbc9%xl0 prefixlen 64 scopeid 0x3
	inet6 2001:16d8:ccbc:dead:beef::1 prefixlen 64

But anyway, with this snapshot I don't need to rewrite the NAT parts of
my tutorial :)

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.