A couple of general comments,

"keep state" is the default, no need to specify

"from any to any port = " - "to port" does the same thing

quick means "if we match this, we do no more evaluation for this one". I suspect your quick rules before the nat-to match rules mean that anything that matches the quicks passes without hitting the match with the nat-to. Fine if it's your intention, if not, check what really happens (tcpdump is your friend).

But again, please check that you have a basic network config and connectivity to eliminate.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
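
The rule-ordering effect described in the reply above, as an added pf.conf sketch that is not part of the original message or the poster's ruleset. The interface name `em1`, the port list and the use of the `egress` interface group are assumptions chosen for illustration.

```conf
# Constructed example: em1 is a hypothetical internal interface.
int_if = "em1"

block log all                      # default deny, logged to pflog0
pass in on $int_if inet from $int_if:network

# --- Ordering A (commented out): quick rule ahead of the match ---
# Outbound web traffic hits the quick rule, evaluation stops there,
# and the nat-to below is never applied to it. Those packets leave
# with their internal source address.
#
# pass out quick on egress inet proto tcp from $int_if:network to port { 80 443 }
# match out on egress inet from $int_if:network nat-to (egress:0)

# --- Ordering B: match first, then the quick pass ---
# The match rule is evaluated first and attaches nat-to to the packet;
# the quick pass that follows then ends evaluation with the
# translation already in place.
match out on egress inet from $int_if:network nat-to (egress:0)
pass out quick on egress inet proto tcp from $int_if:network to port { 80 443 }

# Checks:
#   pfctl -nf /etc/pf.conf      parse the ruleset without loading it
#   tcpdump -n -e -ttt -i pflog0   watch which rule logged packets matched
#   tcpdump -n -i <external interface>   confirm the source address on the wire
```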