Hello, I tried to parse (with pfctl -nvf) the rule
match on enc0 from 192.168.1.0/24 to 192.168.2.0/24 nat-to 10.10.10.1 and all I got was: pf.tmp:1: nat-to and rdr-to require a direction pf.tmp:1: skipping rule due to errors pf.tmp:1: rule expands to no valid combination So I guess what's missing is "out": Index: src/sbin/iked/iked.conf.5 =================================================================== RCS file: /cvs/src/sbin/iked/iked.conf.5,v retrieving revision 1.32 diff -u -p -r1.32 iked.conf.5 --- src/sbin/iked/iked.conf.5 6 May 2014 13:09:18 -0000 1.32 +++ src/sbin/iked/iked.conf.5 4 Aug 2014 12:40:05 -0000 @@ -718,7 +718,7 @@ a relevant NAT rule is required in For the example above, this would be: .Bd -literal -offset indent -match on enc0 from 192.168.1.0/24 to 192.168.2.0/24 nat-to 10.10.10.1 +match out on enc0 from 192.168.1.0/24 to 192.168.2.0/24 nat-to 10.10.10.1 .Ed .Pp From the peer's point of view, -------------------------------------------------- I tried to parse (hostapd -dv -f) the example in hostapd.conf and I got: hostapd.tmp:4: syntax error invalid configuration in hostapd.tmp bye! So the patch is: Index: hostapd.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/hostapd/hostapd.conf.5,v retrieving revision 1.42 diff -u -p -r1.42 hostapd.conf.5 --- hostapd.conf.5 3 Sep 2013 20:44:01 -0000 1.42 +++ hostapd.conf.5 5 Aug 2014 10:51:56 -0000 @@ -798,8 +798,8 @@ For example: .Bd -literal -offset indent # Assign IP addresses to layer 2 addresses table <clients> { - 00:02:6f:42:d0:01 -> 172.23.5.1/30 - 00:05:4e:45:d3:b8 -> 172.23.5.4/30 + 00:02:6f:42:d0:01 -> 172.23.5.1/30, + 00:05:4e:45:d3:b8 -> 172.23.5.4/30, 00:04:2e:12:03:e0 -> 172.23.5.8/30 } Cheers, -- Vigdis