Hello Tuyosi, Thursday, June 26, 2014, 5:34:05 AM, you wrote:
TT> accordin to man pf.conf TT> 10.0.0.0 - 10.255.255.255 (all of net 10, i.e. 10/8) TT> 172.16.0.0 - 172.31.255.255 (i.e. 172.16/12) TT> 192.168.0.0 - 192.168.255.255 (i.e. 192.168/16) TT> nat-to is usually applied outbound. If applied inbound, nat-to TT> to a local IP address is not supported. It is confusing, but probably means something else. I have a number of nat-to to "private" IPs, and they work fine. I'm not running the latest version, but hope the nat-to behavior hasn't changed (the man hasn't). The nat-to could be tricky, you need to make sure packets in question are going into the interface you want *before* the NAT. Here comes the routing, which is specially tricky, because in a number of cases running "route add" isn't enough (or doesn't help at all). -- Best regards, Boris mailto:bo...@twopoint.com
