Reinhard Haller <[EMAIL PROTECTED]> wrote:
>
> Based on the last rule there is no way to distinguish forwarded from
> local outgoing traffic.
>
> Any suggestions?

Change this rule like so:

> nat on $ext_if from !($ext_if) -> ($ext_if)

to

> nat pass on $ext_if from !($ext_if) -> ($ext_if)

This way, all traffic chosen to be nat'd will also pass the ruleset.
Or rather, bypass the ruleset.

I am worried about your rule, though, because it seems that even
traffic arriving from the Internet will have a source IP of
!($ext_if), so it will end up matching ALL traffic.

-- 
David DeSimone == Network Admin == [EMAIL PROTECTED]
  "It took me fifteen years to discover that I had no talent for
   writing, but I couldn't give it up because by that time I was
   too famous."  -- Robert Benchley

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
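
An added example, not part of the original message or of the poster's ruleset: a pf.conf fragment that keeps the `nat pass` form suggested above but narrows the source match, since `nat pass` lets every packet the rule matches skip the filter rules. The interface names `em0`/`em1` and the `$int_if` macro are assumptions made for illustration.

```pf
# Constructed example: interface names are placeholders, not from the thread.
ext_if = "em0"    # Internet-facing interface (assumed name)
int_if = "em1"    # LAN-facing interface (assumed name)

# Broad form from the reply, kept as a comment for comparison.
# The source match is "anything that is not the firewall's own external
# address", and with "pass" every matching packet bypasses the filter rules:
#
#   nat pass on $ext_if from !($ext_if) -> ($ext_if)

# Narrower form: only packets sourced from the network attached to the
# internal interface are translated and allowed past the filter rules.
# Packets the firewall itself originates from its external address do not
# match here, so they are still evaluated by the normal pass/block rules.
nat pass on $ext_if from $int_if:network to any -> ($ext_if)
```

The fragment can be syntax-checked without loading it by running `pfctl -nf` on the file.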