On 16 June 2015 at 03:09, Richard Procter <[email protected]> wrote:
> - I was unable to test af-to, which does a lot of packet fiddling.
> I've never used it before and was unable to get it working on a
> generic kernel. I figure I'm just missing something. I used the line
>
> pass out on vr0 inet af-to inet6 from fec0:0:0:2::1 to fec0:0:0:2::2
>
> but although inet4 tcp connection attempts were translated
> to fec0:0:0:2::2, its SYN replies received RST from the
> router, fec0:0:02:::1.
>
You didn't read the pf.conf manual page carefully:
[...] Because address family translation
overrides the routing table, it's only possible to use af-to on
inbound rules, and a source address for the resulting
translation must always be specified.
And all example rules after that use "pass in".
